Date: Mon, 12 Feb 2001 22:43:21 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Secure Servers (SMTP, POP3, FTP)
Message-ID: <20010212224320.G26500@speedy.gsinet>
In-Reply-To: <xzpu25zpu5n.fsf@flood.ping.uio.no>; from des@ofug.org on Mon, Feb 12, 2001 at 08:40:04PM +0100
References: <F55PFTg4bPYkAOt67zL00011da9@hotmail.com> <20010211074201.B1396@jive.44bsd.net> <004a01c09465$86506f80$1e9e6389@137.99.156.23> <xzpu25zpu5n.fsf@flood.ping.uio.no>

[ disclaimer: IANAL, but an interested user of djb-software ]

On Mon, Feb 12, 2001 at 20:40 +0100, Dag-Erling Smorgrav wrote:
>
> > 1) Mr Bernstein has also threatened to sue anyone who dared claim that
> his code was insecure. Not the best of incentives.

This statement was mentioned several times in recent threads. Is
there any reference? Up to now I failed to see the evil in DJB's
actions (code readability aside -- I've been there myself and
know how long it takes to identify the spot to put your extension
into while doing it is mostly a snap; and yes it's not
everybody's thing that djb wants to warrant for his software only
when it's implemented the way he designed it to).

Reading the documentation coming with djb-software I only see
points FreeBSD claims in similar ways like "we simply _cannot_
operate reliably on broken hardware" (djb: the underlying OS and
the libs linked against), "don't refer to it as a FreeBSD problem
when a port has a bug" (djb: third party patches are not _my_
software, their bugs aren't mine) and "saturating your uplink
doesn't prove design failures in our network stack" (djb: DoSing
doesn't qualify as a security breach).

What am I doing wrong when I feel the missing "and proving it" in
the above "claim of insecure code" is what makes him sue
somebody? I still read the "all claims and discussions get
published here" as an invitation to _prove_ his software wrong,
while it just didn't happen yet. Has anyone heard or read
otherwise?

BTW: What does the FreeBSD team do against unsubstantiated claims
like those of the (misguided and probably not even understanding
the system used by himself) OpenBSD freak posted here and in
other public lists lately? Looking at the webpage (antioffline?
anitonline? admittedly deleted the URL quickly after looking at
it, but it's in the archive) it's a really badly copied and
mangled FreeBSD index.html with a whole lot of sick accusations
and made to look *exactly* like the original page (including all
the links into the original FreeBSD site -- just like it would be
an integral part of it!). Would you like to have this pass by
unanswered? And do you expect to be called arrogant, obscuring
or threatening when you take action against things like these?
I would be quite astonished ...

virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.