Bugtraq mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Fri, 24 Mar 2006 15:17:05 -0700
Sendmail has been an important part of the Internet infrastructure and has gained a lot of honour and respect. Many people use this piece of software and a lot of distributors/vendors are proliferating this software. They do deserve better, as do the users who decide to trust this vendor.
Paul Vixie did not decide that BIND should become a critical part of the internet, or that it became a virtual monoculture. He made it free. The community decided to make it Internet infrastructure. Eric Allman did not decide that BIND should become a critical part of the internet, or that it became a virtual monoculture. He made it free. The community decided to make it Internet infrastructure. I did not decide that OpenSSH should become a critical part of the internet, or that it should become a virtual monopoly. We made it free. Again, the community decided to make it Internet infrastructure. Now you want to tell us that because the Internet community made decisions like these, that we should be held responsible. That we have to follow YOUR procedures. That we have to answer to YOU. What if we ignore your procedures? What if we say no? What will you do then? Continue to verbally attack us? To what end? To show that you are thankless dogs? Does it make you feel like more of a man when you publically attack people who wrote good things that you depend on, which you never gave anything for? Isn't it you who every day make the same decision to run our software, give nothing back, and then believe that you have anything at all to stand on? Open Source developers get attacked when they don't follow YOUR procedudes, but SSH.COM can skip fixing security problems for years, and you will be silent. You (and others like you) should be ashamed. I am done with this conversation. note: I only wrote parts of OpenSSH; it was based on older free code by Tatu Ylonen before he chose to go commercial, and initially made free primarily by Niels Provos, Markus Friedl, myself, and a team of other people. Now it is maintained by about 6 developers.
Current thread:
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 23)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)
- Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Martin Schulze (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) D.F.Russell (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Kurt Seifried (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Geo. (Mar 28)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Martin Schulze (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Pim van Riezen (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Florian Weimer (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 28)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)
- RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 25)