Date:      Mon, 12 Feb 2001 22:43:21 +0100
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Secure Servers (SMTP, POP3, FTP)
Message-ID:  <20010212224320.G26500@speedy.gsinet>
In-Reply-To: <xzpu25zpu5n.fsf@flood.ping.uio.no>; from des@ofug.org on Mon, Feb 12, 2001 at 08:40:04PM +0100
References:  <F55PFTg4bPYkAOt67zL00011da9@hotmail.com> <20010211074201.B1396@jive.44bsd.net> <004a01c09465$86506f80$1e9e6389@137.99.156.23> <xzpu25zpu5n.fsf@flood.ping.uio.no>

[ disclaimer:  IANAL, but an interested user of djb-software ]

On Mon, Feb 12, 2001 at 20:40 +0100, Dag-Erling Smorgrav wrote:
> 
> 1) Mr Bernstein has also threatened to sue anyone who dared claim that
>    his code was insecure. Not the best of incentives.

This statement was mentioned several times in recent threads.  Is
there any reference?  Up to now I failed to see the evil in DJB's
actions (code readability aside -- I've been there myself and
know how long it takes to identify the spot to put your extension
into while doing it is mostly a snap; and yes it's not
everybody's thing that djb wants to warrant for his software only
when it's implemented the way he designed it to).

Reading the documentation coming with djb-software I only see
points FreeBSD claims in similar ways like "we simply _cannot_
operate reliably on broken hardware" (djb: the underlying OS and
the libs linked against), "don't refer to it as a FreeBSD problem
when a port has a bug" (djb:  third party patches are not _my_
software, their bugs aren't mine) and "saturating your uplink
doesn't prove design failures in our network stack" (djb:  DoSing
doesn't qualify as a security breach).

What am I doing wrong when I feel the missing "and proving it" in
the above "claim of insecure code" is what makes him sue
somebody?  I still read the "all claims and discussions get
published here" as an invitation to _prove_ his software wrong,
while it just didn't happen yet.  Has anyone heard or read
otherwise?

BTW:  What does the FreeBSD team do against unsubstantiated
claims like those of the (misguided and probably not even
understanding the system used by himself) OpenBSD freak posted
here and in other public lists lately?  Looking at the webpage
(antioffline?  anitonline?  admittedly deleted the URL quickly
after looking at it, but it's in the archive) it's a really badly
copied and mangled FreeBSD index.html with a whole lot of sick
accusations and made to look *exactly* like the original page
(including all the links into the original FreeBSD site -- just
like it would be an integral part of it!).  Would you like to
have this pass by unanswered?  And do you expect to be called
arrogant, obscuring or threatening when you take action against
things like these?  I would be quite astonished ...


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

