Full Disclosure mailing list archives
Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but...
From: Nathan Walp <faceprint () faceprint com>
Date: Wed, 25 Feb 2004 11:34:03 -0500
On Wed, 2004-02-25 at 02:02, Stefan Esser wrote:
Hello, On Tue, Feb 24, 2004 at 08:23:44PM -0500, Luke Schierer wrote:Jeff is absolutely correct. We've given them yahoo code, they have given us yahoo code. Sean Egan and one of their heads, a guy named Scott, are on good terms. no theft either way involved here. lukeThere is actually one little problem... Eric Warmenhoven, the guy who commited the yahoo code had no clue that this code is used by Trillian. Noone from the GAIM team except himself has the right to dual license his code. And the second thing is: take a close look on the commit messages: It a) references external persons rev 1.11: Valdis Kletnieks (sysphrog) suggested this fix. This seems really odd to me. Typical Yahoo. (The fix is actually only a "+1" fix) b) has mysterious comments... rev 1.12: this seems... i don't know. (sounds to me like... Hmmm got this code commited it, but don't know if or why it is better)
Take a journey with me: rev 1.41: Sean Egan commits the new authorization code he just wrote. rev 1.46: Sean Egan adjusts the authorization code to use version 9 instead of 6. rev 1.97 (yes, it's been that long since auth was touched): Sean Egan changes some auth code around, and renames some stuff rev 1.104: Sean Egan modifies yahoo to send the username in lowercase, fixing auth. rev 1.140: Sean Egan changes the protocol version again from 0x0900 to 0x000b rev 1.145: Sean Egan commits drastically new auth code. I believe this was written by him after Trillian figured out the new authentication mechanism. rev 1.160: Sean Egan commits more yahoo auth fixes, presumably with help from Trillian rev 1.162: Sean Egan commits his "web auth" code, giving Gaim 2 ways to log into Yahoo Now I'm sick of looking through commit logs, but I think you get the idea. Also, by this point, Trillian is sending us code, not vice-versa. The only code that was ever sent to them was the auth code, which Sean wrote. Sean is allowed to send that code to anyone he pleases. As much of a stickler as he is for the GPL, I really don't think he'd violate it so blatently and publically. Nathan
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Advisory 02/2004: Trillian remote overflows Stefan Esser (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Scott Taylor (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Jeff_Lopes (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Luke Schierer (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Stefan Esser (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Nathan Walp (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Stefan Esser (Feb 25)
- RE: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Aditya, ALD [Aditya Lalit Deshmukh] (Feb 27)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 24)