Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Web sites compromised by IIS attack
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 02 Jul 2004 10:01:33 -0400

Denis Dimick wrote:

Barry,

I have to agree with you one once a company changes the code then they own it. However wrapping the same old software in an RPM to me does not change it enough to have "someone" else own the code.

Per the Free Software model it does. The key point here is that Red Hat is redistributing the code and making a profit off of it. It's Red Hat's choice regarding whether to redistribute said code. Since they're making the money off of it, they have to support it.

I do find it "funny" that sendmail and BIND have been thrown out in the e-mails (don't think it was you) But these two applications are some of the most buggy bits of code ever written.

There are far better aplications out there if someone want to run a mail or dns server if you ask me.


Sendmail and Bind have been riddled with bugs, this is true, but I don't know if I'd label them some of the most buggy bits of code ever written. :)

But, as you said, there are far better choices out there -- and Red Hat (hypothetically speaking, of course) has the choice to distribute those instead of sendmail/bind.

                  -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]