Re: Re: Kryptor for Linux released



I am not going to reply anymore after this...
"before calling something secure, i would suggest picking up a coding
tutorial... that extremeftpd looks... well.. horrible (it is (if possible)
worse than raveftpd)"
I suppose you don't know what cryptography is if you think it is coding something. I agree the implementation must be safe, but I released it 3 years ago and so security bugs were claimed in the code in the meantime. The code is under the GPL; if you find some bug you can give your contribution without sending me any e-mail.

"msg.c is the same "stupidity" all over again, it used to be:
len = vsnprintf (buf, strlen(buf),"%s", bla);
buf[len] = '\0';"
That bug you are talking about was found during the testing phase; in fact we had people trying to find bugs in the code as a hacking game. This led to good results and now we released eftpd 0.3.4, which is no longer a testing version (since we released it to the public). If you find bugs over there you are welcome!

"and you suggest we should trust THAT software is secure??? get real!"
You definitely don't know what you are talking about.

"pretty neat though... i informed them about a dozen bugs in their ftp daemon,
and NO appreciation at all..."
I never received any e-mail from you...

"this means, i'm not gonna disclose any bugs i find (believe me, this was just
the beginning, there is absolutely no reason to use rosiello software... more
holes than cheddar cheese ;))"
Definitely I don't trust anything you said since you claim bugs were mailed to us, but no mail was received. You should appreciate people who produce software for free and work for the community. If you evaluate software as unsafe because of bugs in its testing phase, well, probably you should study some software life cycle and design book.

yours,
Angelo Rosiello

http://www.rosiello.org
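
The msg.c pattern quoted in the message above, shown beside a bounded form. This is an added example, not part of the original post and not eftpd's code; the helper name msg_format and the sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Pattern quoted in the thread, kept here only as a comment:
 *     len = vsnprintf(buf, strlen(buf), "%s", bla);
 *     buf[len] = '\0';
 * strlen(buf) measures whatever string is already in buf, not the buffer's
 * capacity, and vsnprintf returns the length the complete output would have
 * had, so buf[len] can index past the end of the buffer. */

/* Hypothetical helper: format into buf, whose real capacity is cap bytes.
 * Returns the number of bytes stored (excluding the NUL), or -1 on an
 * encoding error or when the output had to be truncated.
 * buf is NUL-terminated on return whenever cap > 0. */
int msg_format(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || cap == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);   /* size is the capacity, not strlen */
    va_end(ap);

    if (n < 0) {                        /* encoding error */
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= cap)               /* truncated: vsnprintf wrote cap-1 */
        return -1;                      /* bytes plus the terminating NUL   */
    return n;                           /* no manual buf[len] write needed  */
}

int main(void)
{
    char buf[8];                        /* constructed sample buffer */
    int n = msg_format(buf, sizeof buf, "%s", "short");
    printf("%d \"%s\"\n", n, buf);
    n = msg_format(buf, sizeof buf, "%s", "constructed-long-input");
    printf("%d \"%s\"\n", n, buf);
    return 0;
}
```

The caller decides what to do with a -1 (reject the message, log it, or send the truncated text); the return value is never used as an index.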