Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: "Michael A Fusaro II" <maf () mafii com>
Date: Fri, 24 Mar 2006 18:31:01 -0500

Theo de Raadt wrote:
You would probably expect me to the be last person to say
that Sendmail is perfectly within their rights.  I have 
had a lot of problems with what they are doing.

But what did you pay for Sendmail?  Was it a dollar, or was 
it more?  Let me guess.  It was much less than a dollar.  I 
bet you paid nothing.

So does anyone owe you anything, let alone a particular process 
which you demand with such length?

Gadi Evron wrote:
So you are basically saying open source free software can't 
be trusted to hold high standards or be reliable or secure 
if I don't pay for it?

What he is basically saying is that you hold no right whatever 
to demand it.

The "International Infrastructure's" need doesn't constitute 
a claim on Sendmail or its developers.  As Theo stated, if 
that's unacceptable, buy software with a commercial license 
(which would then give you the right to demand that trust, as 
included in the license).

Michael A Fusaro II
maf () mafii com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]