On Sat, 29 Nov 2003, Tom wrote:
> On Sat, Nov 29, 2003 at 09:55:59AM -0500, Paul Morgan wrote: > > On Sat, 29 Nov 2003 04:34:43 -0800, Karsten M. Self wrote: > > > > > > > > Bernstein pays $500 for each verifiable security hole in qmail. > > > Following the same premise as for Knuth, you should find this a > > > similarly lucrative opportunity. You might find the page detailing this > > > offer of interest: > > > > > > http://cr.yp.to/qmail/guarantee.html > > > > > > > > > > > > Peace. > > > > Actually, the reward is for the *first* verifiable security hole in qmail. > > Six years now, and no-one's found one. > > I have an out: I said arbitrary *large* block of code. When I said > large, I was thinking "operating-system sized set of code", i.e., many > programs. and you weren't in it for the $$$ ?? (just that bugs and exploits exists? ) > The site itself says that people have experienced many problems with the > total set of programs surrounding qmail. And that confirms my belief. 6 yrs w/o a exploitable security hole is a very good track record ( security wise ) .. wonder how many people are looking for one .. vs it seems to be standard proceedre for everybody to go looking for holes in sendmail :-) <smiley> and i'd hate to hire/be the dude working for 6yrs and still looking for a security hole for the $500 :-) </smiley> c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
