<<< Date Index >>>     <<< Thread Index >>>

RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)



Theo de Raadt wrote:
> > You would probably expect me to the be last person to say
> > that Sendmail is perfectly within their rights.  I have 
> > had a lot of problems with what they are doing.
> > 
> > But what did you pay for Sendmail?  Was it a dollar, or was 
> > it more?  Let me guess.  It was much less than a dollar.  I 
> > bet you paid nothing.
> > 
> > So does anyone owe you anything, let alone a particular process 
> > which you demand with such length?
> 
Gadi Evron wrote:
> So you are basically saying open source free software can't 
> be trusted to hold high standards or be reliable or secure 
> if I don't pay for it?

What he is basically saying is that you hold no right whatever 
to demand it.

The "International Infrastructure's" need doesn't constitute 
a claim on Sendmail or its developers.  As Theo stated, if 
that's unacceptable, buy software with a commercial license 
(which would then give you the right to demand that trust, as 
included in the license).

--
Michael A Fusaro II
maf@xxxxxxxxx