From owner-freebsd-security  Wed Jan 31 20:33:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sonar.noops.org (adsl-63-195-97-84.dsl.snfc21.pacbell.net [63.195.97.84])
	by hub.freebsd.org (Postfix) with ESMTP id 619AC37B4EC
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Jan 2001 20:32:49 -0800 (PST)
Received: from localhost (root@localhost)
	by sonar.noops.org (8.9.3/8.9.3) with ESMTP id UAA58361;
	Wed, 31 Jan 2001 20:32:05 -0800 (PST)
	(envelope-from root@noops.org)
Date: Wed, 31 Jan 2001 20:32:00 -0800 (PST)
From: Thomas Cannon <root@noops.org>
To: Marc Rassbach <marc@milestonerdl.com>
Cc: Chris Johnson <cjohnson@palomine.net>,
	Matt Dillon <dillon@earth.backplane.com>,
	Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
In-Reply-To: <Pine.BSF.4.21.9601312115260.35729-100000@tandem.milestonerdl.com>
Message-ID: <Pine.BSF.4.21.0101312024580.58309-100000@sonar.noops.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 
> Have you done some DNA test and found that Dan Bernstein is not human and
> therefore unable to make mistakes?
> 

I think the fact that he puts his own money on the fact that there are no
exploitable flaws in qmail or his DNS implementation shows an obvious
commitment to proactive security. I'm sure that is all that was
implied. I've a feeling the ISC isn't sending anyone a check for the bind
exploit just posted to bugtraq from nobody@replay.com, or to NAI
labs. It's sorta like OpenBSD -- sure, mistakes happen. They just make a
hell of a lot less of them because it's part of what they are trying to
achieve.

Thomas








To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message