[Full-disclosure] RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

Theo de Raadt wrote:
You would probably expect me to the be last person to say
that Sendmail is perfectly within their rights. I have
had a lot of problems with what they are doing.

But what did you pay for Sendmail? Was it a dollar, or was
it more? Let me guess. It was much less than a dollar. I
bet you paid nothing.

So does anyone owe you anything, let alone a particular process
which you demand with such length?

Gadi Evron wrote:
So you are basically saying open source free software can't
be trusted to hold high standards or be reliable or secure
if I don't pay for it?

What he is basically saying is that you hold no right whatever
to demand it.

The "International Infrastructure's" need doesn't constitute
a claim on Sendmail or its developers. As Theo stated, if
that's unacceptable, buy software with a commercial license
(which would then give you the right to demand that trust, as
included in the license).

Michael A Fusaro II

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages