Ian Lance Taylor wrote:
Date: Wed, 29 Nov 2000 18:34:59 -0800
From: Greg White [EMAIL PROTECTED]
I can't see any circumstances where any of Dan's sofware can be deemed
closed source.
It is not the case that all software is either open source or closed
source. There is a
Date: Fri, 01 Dec 2000 12:52:33 -0600
From: "David L. Nicol" [EMAIL PROTECTED]
Ian Lance Taylor wrote:
Date: Wed, 29 Nov 2000 18:34:59 -0800
From: Greg White [EMAIL PROTECTED]
I can't see any circumstances where any of Dan's sofware can be deemed
Russell Nelson wrote:
Greg White writes:
Paul Jarc wrote:
Dan's software isn't open source.
Oh, really? By whose definition?
By the Open Source Initiative's, the vice-president of which is yours
truly. It's okay if you don't believe us when we say it's not Open
Source, but
Date: Wed, 29 Nov 2000 18:34:59 -0800
From: Greg White [EMAIL PROTECTED]
I can't see any circumstances where any of Dan's sofware can be deemed
closed source.
It is not the case that all software is either open source or closed
source. There is a broad continuum of licensing
On 27-Nov-2000 Paul Jarc wrote:
Programs - or rather, algorithms - *are* patentable in the US. You
may think this is a ridiculous idea, and I may agree with you, but
it's true nonetheless.
That's not true. Algorithms are specifically _not_ patentable
in the US. What _is_ patentable is a
Greg White [EMAIL PROTECTED] writes on 24 November 2000 at 23:11:06 -0800
Paul Jarc wrote:
Dan's software isn't open source.
Oh, really? By whose definition? I have the source, and I have the
actual program. I suppose if you're some ESR/RMS fanatic, this does
not comply with your
Felix von Leitner [EMAIL PROTECTED] writes:
Thus spake Raul Miller ([EMAIL PROTECTED]):
Pulling something off of a web site involves creating a copy on your
local machine.
Please enlighten me: who bullshitted you Americans into believing that
one needs a license to use software?
Raul
So, what is your point here? When was the last time a serious
security
fanatic went through:
a. Linux kernel source code.
b. BSD kernel source code.
c. Solaris kernel source code.
d. etc., etc., etc.
Answer to b would be OpenBSD.
-
"One of the best examples of pure democracy in
* Al [EMAIL PROTECTED] writes:
So, what is your point here? When was the last time a serious security
fanatic went through:
b. BSD kernel source code.
Answer to b would be OpenBSD.
And when did a serious security professional last go through it? gdr
--
Robin S. Socha http://socha.net/
And when did a serious security professional last go through it? gdr
--
Since there is no way to guess the standard you would require for "serious"
and "professional" I guess there is no way to answer the question.
The OpenBSD team maintains a solid reputation for quality and security. But
I
At 1:32 PM +0100 11/23/00, Felix von Leitner wrote:
Thus spake Raul Miller ([EMAIL PROTECTED]):
Picking up a leaflet does not involve making a copy of it.
Pulling something off of a web site involves creating a copy on your
local machine.
Please enlighten me: who bullshitted you Americans
On Sat, Nov 25, 2000 at 05:33:44PM -0500, Romeyn Prescott wrote:
What, Felix, (and you probably ought to respond offline, should you
be so inclined, as this has precious little to do with qmail) do you
suggest? How should the software "empires" of this world make their
money if not by
See http://www.tuxedo.org/~esr/writings/magic-cauldron/magic-cauldron-3.html
and other similar writings by ESR and others involved in the open source
movement. The motives behind Open Source are not secret -- they are readily
available, all you need to do is look.
I can't believe I read the
Paul Jarc wrote:
SNIP
Dan's software isn't open source.
Oh, really? By whose definition? I have the source, and I have the
actual
program. I suppose if you're some ESR/RMS fanatic, this does not comply
with
your vision of "open source". The source is available, and by Dan's own
words
you
Thus spake Raul Miller ([EMAIL PROTECTED]):
Picking up a leaflet does not involve making a copy of it.
Pulling something off of a web site involves creating a copy on your
local machine.
Please enlighten me: who bullshitted you Americans into believing that
one needs a license to use
Please enlighten me: who bullshitted you Americans into believing
that one needs a license to use software?
Since you asked, that would be MAI Systems Corporation in 1993, in a
lawsuit against Peak Computer, Inc.. See
The Artistic License was explicitly designed to be part of a
dual-licensing arrangement. It's not strong enough to stand
on its own;
the language hasn't been hammered out nearly well enough.
But the idea behind it seems to apply to what may be the desired result:
retaining control.
-
On Tue, Nov 21, 2000 at 10:07:00PM -0500, Al wrote:
Not a lawyer but when you put something onto a web page you have
conformed to a well known pattern that would expect an action to take
place. For example if I put a stack of leaflets on the counter of a
local store that said "Rumage sale
Instead, it poses the question: do you have the legal right to use the
web, in the absence of explicit copyright notices on every document
element you encounter?
Laws are never about what is allowed. Laws are about what is prohibited.
On Tue, Nov 21, 2000 at 10:07:00PM -0500, Al wrote:
Not a lawyer but when you put something onto a web page you have
conformed to a well known pattern that would expect an
action to take
place. For example if I put a stack of leaflets on the counter of a
local store that said "Rumage
Paul Jarc wrote:
So when a lot of people download the files, they don't know what the
licensing is and have to ask on the list(s)
True, but not relevant to the question of what is legal.
The question is what the author permits the user to do -- this is what a license
is about. Since the
Paul Jarc wrote:
... I don't see ambiguity in them [dist.html or softwarelaw.html or
rights.html] ...
Are you not as analytical as those who criticise the situation?
--
Michael T. Babcock, C.T.O. FibreSpeed
http://www.fibrespeed.net/~mbabcock
On Tue, Nov 21, 2000 at 12:32:02AM -0500, Nathan J. Mehl wrote:
IANAL, but my feeling is that the documents in question pretty
unambiguously lead to the conclusion that you'd be SOL in that case,
and I would further suspect that Dan keeps the only notices about
qmail's distribution terms in a
, consider the relevance of this thread to the list as a whole
over your personal needs, please.
Thank You.
-Original Message-
From: Adam McKenna [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 21, 2000 12:58 PM
To: [EMAIL PROTECTED]
Subject: Re: secrets and lies
On Tue, Nov 21, 200
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Since the author gives no implicit license, we all come down to
IANAL legal battles over what is implied by his other writings. A
license would clear (most of) this up -- that's the issue.
A license has the potential to be just as ill-worded,
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Paul Jarc wrote:
... I don't see ambiguity in them [dist.html or softwarelaw.html or
rights.html] ...
Are you not as analytical as those who criticise the situation?
Not that I'm aware of. As I said, I think it's just that when
information
On Mon, Nov 20, 2000 at 10:34:23AM -0500, Michael T. Babcock wrote:
He wrote it all -- its all DJB's theories -- they may be right or
wrong, but he's not a lawyer so its not even really worth trusting his
theories at all.
Except that
[1] he's the author, which means he owns all copy rights.
Raul Miller [EMAIL PROTECTED] writes:
On Mon, Nov 20, 2000 at 10:34:23AM -0500, Michael T. Babcock wrote:
He wrote it all -- its all DJB's theories -- they may be right or
wrong, but he's not a lawyer so its not even really worth trusting his
theories at all.
Except that
...
[2] he
Paul Jarc wrote:
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Since the author gives no implicit license, we all come down to
IANAL legal battles over what is implied by his other writings. A
license would clear (most of) this up -- that's the issue.
A license has the potential to be
Right. So a non-contractual license wouldn't necessarily be better
than a non-contractual, non-license legal statement.
Yes, it would be -- because (as I understand it) you have the right to waive
your rights -- such as by putting something into the public domain (as Dan has
done with
On Tue, Nov 21, 2000 at 05:16:17PM -0500, Paul Jarc wrote:
That's true of softwarelaw.html, but this bit of the thread was about
rights.html, which includes no such references.
rights.html doesn't say anything about the licensing of djbdns.
Instead, it poses the question: do you have the
A license has the potential to be just as ill-worded, confusing, or
extremely technical as anything else. A clearly worded, easily
supportable legal document would be good, regardless of whether it
were a license.
Here is a question: Does anyone know if the GPL and/or BSD license has ever
Raul Miller [EMAIL PROTECTED] writes:
On Tue, Nov 21, 2000 at 05:16:17PM -0500, Paul Jarc wrote:
That's true of softwarelaw.html, but this bit of the thread was about
rights.html, which includes no such references.
rights.html doesn't say anything about the licensing of djbdns.
I know.
"Al" [EMAIL PROTECTED] writes:
Here is a question: Does anyone know if the GPL and/or BSD license has ever
been challenged in court? What were the results?
The GPL hasn't - so its meaning really isn't known yet - but the BSD
license has. I don't remember the case, but people are still using
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Paul Jarc wrote:
A license has the potential to be just as ill-worded, confusing, or
extremely technical as anything else. A clearly worded, easily
supportable legal document would be good, regardless of whether it
were a license.
As DJB
Even more amusing is the idea of reading a license to
determine if you're legally allowed to visit a web page.
Not a lawyer but when you put something onto a web page you have conformed
to a well known pattern that would expect an action to take place. For
example if I put a stack of leaflets
Yes, and I think some do shy away from the GPL for that reason. But
Dan wants to prevent forking, which is incompatible with Free
licenses.
Two things come to mind the first is the Artistic under which Perl is
released and the second is the Apache license. The result would be
something
Al [EMAIL PROTECTED] writes:
Two things come to mind the first is the Artistic under which Perl is
released
The Artistic License was explicitly designed to be part of a
dual-licensing arrangement. It's not strong enough to stand on its own;
the language hasn't been hammered out nearly well
Just like many others, IANAL, but ...
Paul Jarc wrote:
"Pavel Kankovsky" [EMAIL PROTECTED] writes:
But there are ABSOLUTELY no references to dist.html or softwarelaw.html in
the source tarballs.
So what?
So when a lot of people download the files, they don't know what the licensing
is
Michael T. Babcock [EMAIL PROTECTED] writes on 20 November 2000 at 10:34:23
-0500
Just like many others, IANAL, but ...
Paul Jarc wrote:
I see no theories of his there. The only part there he attributes to
himself is:
He wrote it all -- its all DJB's theories -- they may be
Adam McKenna [EMAIL PROTECTED] writes:
On Sun, Nov 19, 2000 at 09:05:04PM -0500, Paul Jarc wrote:
: I don't know which of these theories will succeed in court. I also
: don't think you should have to care. So I promise I won't sue you
: for copyright violation for downloading documents
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Paul Jarc wrote:
"Pavel Kankovsky" [EMAIL PROTECTED] writes:
But there are ABSOLUTELY no references to dist.html or
softwarelaw.html in the source tarballs.
So what?
So when a lot of people download the files, they don't know what the
On Mon, Nov 20, 2000 at 11:43:44AM -0500, Paul Jarc wrote:
The same way as if rights.html were included in qmail-1.03.tar.gz: I'd
ask people who had copies to present them, to support my claim. There
would be more such copies if it were included in qmail-1.03.tar.gz,
but I'm not going to
Adam McKenna [EMAIL PROTECTED] writes:
I want an unambiguous license included with the software that
explicitly defines what I am allowed to do with it. If you don't
need that then fine, but please don't argue that it's not needed,
because there are clearly a number of people on this list
Paul Jarc wrote:
It's the same situation as with, say, Emacs. The GPL doesn't give you
permission to get a copy of Emacs; it only specifies what you can do
once you have. The nearest I could find to explicit permission to
download it is "By FTP we provide source code for all GNU software,
On Mon, Nov 20, 2000 at 01:21:16PM -0500, Paul Jarc wrote:
Adam McKenna [EMAIL PROTECTED] writes:
I want an unambiguous license included with the software that
explicitly defines what I am allowed to do with it. If you don't
need that then fine, but please don't argue that it's not
Adam McKenna [EMAIL PROTECTED] writes:
Maybe he'd think about changing dist.html. After he changed it,
could I then continue distributing this package without fear of
being sued?
If the new dist.html said no, then it would seem clear that you
couldn't. This is not an ambiguity in the
"Michael T. Babcock" [EMAIL PROTECTED] writes:
Paul Jarc wrote:
The GPL doesn't give you permission to get a copy of Emacs; it
only specifies what you can do once you have.
For a lot of people, being able to obtain said software isn't the
problem -- its the right to use it in the ways
PROTECTED]]
Sent: Monday, November 20, 2000 3:22 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: secrets and lies
Adam McKenna [EMAIL PROTECTED] writes:
Maybe he'd think about changing dist.html. After he changed it,
could I then continue distributing this package without fear
On Mon, Nov 20, 2000 at 04:21:51PM -0500, Paul Jarc wrote:
Adam McKenna [EMAIL PROTECTED] writes:
Maybe he'd think about changing dist.html. After he changed it,
could I then continue distributing this package without fear of
being sued?
If the new dist.html said no, then it would seem
([EMAIL PROTECTED] snipped due to overwhelming qmail-centrism)
In the immortal words of Adam McKenna ([EMAIL PROTECTED]):
You don't, but others do. For instance, I can distribute a package that
contains pristine qmail source and patches, and include a script which
applies the patches,
On 15 Nov 2000, Chris K. Young wrote:
I say that dist.html should be considered authoritative. There are
references in the qmail and djbdns documentation that contain the
URL to their respective pages.
But there are ABSOLUTELY no references to dist.html or softwarelaw.html in
the source
On Fri, 17 Nov 2000, Felix von Leitner wrote:
Software security _is_ easy.
The correct paradigms have been published for decades.
And ignored by most people for decades. :)
Had you actually read the Schneier, you would know that no testing in
the world can prove the security of a system.
Thus said "Michael T. Babcock" on Sat, 18 Nov 2000 13:41:20 EST:
OSI == "Open Source Initiative" I believe ...
On Sat, Nov 18, 2000 at 11:52:03AM -0700, Andy Bradford wrote:
That's funny, I always thought that OSI was the _Open Systems
Interconnection_ internet model proposed by the ISO. I
Thus said Raul Miller on Sun, 19 Nov 2000 12:33:30 EST:
Or do you have similar problems deciding whether ATM means automated
teller machine or asychronous transfer mode? Or deciding whether
ASP means active server pages or application service provider? Or ...
Not generally, however, I must
"Pavel Kankovsky" [EMAIL PROTECTED] writes:
But there are ABSOLUTELY no references to dist.html or softwarelaw.html in
the source tarballs.
So what?
Moreover, softwarelaw.html is about using the software ``once you've
legally downloaded [it]'', dist.html is about (re)distribution of qmail
On Sun, Nov 19, 2000 at 09:05:04PM -0500, Paul Jarc wrote:
: I don't know which of these theories will succeed in court. I also
: don't think you should have to care. So I promise I won't sue you
: for copyright violation for downloading documents from my server.
which makes it clear to
On Fri, Nov 17, 2000 at 10:43:50PM -0500, Al wrote:
Don't care. What I care about is what the words mean in an actual language.
In this case English. I do not recognize OSI as a standards body and do not
care what definition of Open Source can be found at opensource.org or the
FSF. When I
Mate Wierdl wrote:
On Wed, Nov 15, 2000 at 08:48:31AM +0100, Andre Oppermann wrote:
Another possible qmail attack is it's late bouncing for non-existent
users. Using a false envelope sender address you could fill up the
queue with double bounces. I consider this a more serious problem.
Ian Lance Taylor writes:
From: "Al" [EMAIL PROTECTED]
Date: Fri, 17 Nov 2000 22:43:50 -0500
Don't care. What I care about is what the words mean in an actual language.
Oh, so "Microsoft" means small software? And "Ian Lance Taylor" is
someone who sews with a really long
Nope. If it's not free, it's not OSI Certified Open Source Software.
I'm on the board; you have my personal guarantee that that will
remain the case as long as I am.
On Fri, Nov 17, 2000 at 10:43:50PM -0500, Al wrote:
Don't care. What I care about is what the words mean in an actual
Raul Miller wrote:
On Fri, Nov 17, 2000 at 10:43:50PM -0500, Al wrote:
Don't care. What I care about is what the words mean in an actual
language. In this case English.
Oh? And what does "OSI Certified Open Source Software" mean in an actual
language, in this case English?
OSI == "Open
Thus said "Michael T. Babcock" on Sat, 18 Nov 2000 13:41:20 EST:
OSI == "Open Source Initiative" I believe ...
That's funny, I always thought that OSI was the _Open Systems
Interconnection_ internet model proposed by the ISO. I guess this
goes to show that context really does matter. :-)
Oh? And what does "OSI Certified Open Source Software" mean
in an actual
language, in this case English?
It means that the software license conforms to the requirements put forth by
the Open Source Initiative, an unincorporated nonprofit entity.
[It is a good idea to use the full name
Al writes:
It means that the software license conforms to the requirements put forth by
the Open Source Initiative, an unincorporated nonprofit entity.
Actually, we're incorporated. Not only that, but we're
IRS-501(c)3-compatible.
--
-russ nelson [EMAIL PROTECTED] http://russnelson.com
Dan's "audit" of Postfix
I didn't look at the Postfix code; I merely noticed that one of the
documented ``security features'' was an obvious design error. See
http://cr.yp.to/maildisasters/postfix.html
for the complete story.
---Dan
Thus wrote "D. J. Bernstein" [EMAIL PROTECTED]:
I didn't look at the Postfix code; I merely noticed that one of the
documented ``security features'' was an obvious design error. See
http://cr.yp.to/maildisasters/postfix.html
for the complete story.
Your site is outdated in technical
On Fri, Nov 17, 2000 at 12:09:15AM +0100, Felix von Leitner wrote:
Thus spake Mate Wierdl ([EMAIL PROTECTED]):
My question is why is not it better for qmail-queue *immediately* write
the "received" line identifying the user?
Then the attacker could still kill qmail-queue.
Indeed, but
Dave Sill writes:
That's exactly what happened with Wietse Venema's "audit" of qmail
that turned up the qmail-smtpd DOS (which is trivially prevented by
proper installation (which INSTALL still doesn't cover, BTW)), which
prompted Dan's "audit" of Postfix that turned up the problems with
Dave Sill writes:
So has any expert ever audited qmail or djbdns?
No. Any audit worth doing would be prohibitively expensive for a
freeware project. $1000 wouldn't even begin to cover it, at least for
qmail.
Still, I've read an awful lot of Dan's code. I've seen a few places
where I
Robin S. Socha writes:
* Felix von Leitner [EMAIL PROTECTED] writes:
[...]
The OpenBSD guys lost their credibility as software security authority
when they decided to include sendmail as standard MTA.
Well, we all know why they cannot include qmail. :-/
What you mean "we",
Lipscomb, Al writes:
Open Source is often used to describe software that has its source code
^ incorrectly
available regardless of the license involved. "Free Software" as promoted by
the Free Software Foundation (FSF) is a different thing. I belive that the
DJB
Lipscomb, Al writes:
Open Source is often used to describe software that has
its source code
^ incorrectly
available regardless of the license involved. "Free
Software" as promoted by
the Free Software Foundation (FSF) is a different thing. I
belive that the
From: "Al" [EMAIL PROTECTED]
Date: Fri, 17 Nov 2000 22:43:50 -0500
Lipscomb, Al writes:
Open Source is often used to describe software that has
its source code
^ incorrectly
available regardless of the license involved. "Free
Software" as
On Wed, Nov 15, 2000 at 08:48:31AM +0100, Andre Oppermann wrote:
Another possible qmail attack is it's late bouncing for non-existent
users. Using a false envelope sender address you could fill up the
queue with double bounces. I consider this a more serious problem.
The decision to handle
Adam McKenna [EMAIL PROTECTED] writes:
I said "sounds like". And in the context in which his opinion was presented,
it sounds a lot like MS's.
I read it as if he meant (not a quote, but my interpretation):
Don't rely on people testing your software, even if you offer money
for found
Thus spake Mate Wierdl ([EMAIL PROTECTED]):
I thought it was possible that Dan would give some hints on his view
on secure programming in these notes.
Don't talk.
Read his code and you will understand.
Software is secure iff the architecture and trust model is sound, which
you can verify
On Thu, Nov 16, 2000 at 11:01:13AM -0600, Mate Wierdl wrote:
[snip]
My question is why is not it better for qmail-queue *immediately* write
the "received" line identifying the user?
That will not solve the problem, just create a race-condition.
Greetz, Peter
--
dataloss networks
On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
Quoted from Adam McKenna [15 Nov 2000]:
On Wed, Nov 15, 2000 at 01:14:15PM +1300, Chris K. Young wrote:
``The [licence] must
explicitly permit distribution of software built
Adam McKenna [EMAIL PROTECTED] writes:
On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote:
Mr. Schneier is respected for his expertise and cryptography, and just
because he states that head money for bugs is no good, does not make him
an M S type weenie.
You're right,
Adam McKenna [EMAIL PROTECTED] writes:
For what its worth, I was only originally expression an opinion on the
few paragraphs that Mate posted, from some book that I had never heard
of, by a "B. Schneier" [sic] I didn't know who he was talking about at
first, and I was reacting to getting
Adam McKenna [EMAIL PROTECTED] writes:
On Tue, Nov 14, 2000 at 03:11:43PM -0500, Paul Jarc wrote:
Adam McKenna [EMAIL PROTECTED] writes:
Not to mention that the whole point of freeware and open source
software in general is to give everyone the ability to audit the
software, not just
Adam McKenna [EMAIL PROTECTED] writes:
On Tue, Nov 14, 2000 at 03:35:35PM -0500, Paul Jarc wrote:
[EMAIL PROTECTED] writes:
Whilst an audit is a good idea, I don't see how a competition and
time in the field can actual make matters worse.
It can make people think a program is secure
Just because it's ``often'' done doesn't mean it's correct. To me, and
possibly others, open source is used to describe software that uses a
licence conforming to the Open Source Definition.
I like: "3 a: completely free from concealment : exposed to general view or
knowledge b : exposed or
Adam McKenna [EMAIL PROTECTED] writes:
On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
I say that dist.html should be considered authoritative. There are
references in the qmail and djbdns documentation that contain the
URL to their respective pages.
That's what you say.
Charles Cazabon wrote:
However, as far as qmail goes: all the crackers in the world have had access
to the qmail source code and design documentation for years, and none have
yet found an exploitable security hole. You could consider that a fairly
thorough audit-by-fire.
There is no proof
Adam McKenna wrote:
On Tue, Nov 14, 2000 at 09:11:32PM +0100, Matthias Andree wrote:
Mr. Schneier is respected for his expertise and cryptography, and just
because he states that head money for bugs is no good, does not make him
an M S type weenie.
You're right, Bruce Scheiner is a
Paul Jarc [EMAIL PROTECTED] writes on 15 November 2000 at 11:07:43 -0500
Adam McKenna [EMAIL PROTECTED] writes:
On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
I say that dist.html should be considered authoritative. There are
references in the qmail and djbdns
Mate Wierdl [EMAIL PROTECTED] writes on 15 November 2000 at 00:07:35 -0600
On Tue, Nov 14, 2000 at 04:13:19PM -0500, Bennett Todd wrote:
efforts is on monitoring and risk management. With that as a given,
I expect he runs sendmail and BIND; things like qmail and djbdns are
for those of
On Wed, Nov 15, 2000 at 11:07:43AM -0500, Paul Jarc wrote:
Adam McKenna [EMAIL PROTECTED] writes:
On Wed, Nov 15, 2000 at 08:18:29PM +1300, Chris K. Young wrote:
I say that dist.html should be considered authoritative. There are
references in the qmail and djbdns documentation that
"David Dyer-Bennet" [EMAIL PROTECTED] wrote:
Dan is probably right that no special permissions are needed to make
normal uses of his code (which is what he says on his web pages), but
if the corporate lawyer isn't in agreement with him, he's going to say
"no". That's a corporate lawyer's job,
Adam McKenna [EMAIL PROTECTED] wrote:
I think "select few" as you have used it needs clarification -- even if only
one half of one percent of all advanced C programmers are part of the "select
few", that's still hundreds or thousands of people, and many of those people
are part of the open
Bennett Todd [EMAIL PROTECTED] wrote:
And a case could be made that the charming and personable way qmail
has been represented in various public fora makes this audit-by-fire
even better: at this point, there are enough people around the world
who hate djb's guts and would never touch anything
d to dwell on this
anymore? Or are we just arguing for the sake of arguing?
I admit that I did not go look up "Secrets and Lies", buy it, read it, and
then read other material by B. Schneier before posting a reply, but whether
or not I am a self-proclaimed "security expert" (I'm
Ryan Russell [EMAIL PROTECTED] writes:
On Tue, 14 Nov 2000, Mate Wierdl wrote:
Indeed, it would be interesting what kind of testing he is running on
qmail, say (he says there are over 100 tests), and how he is trying to
make sure his software is secure.
If you want to see some of the
Bennett Todd wrote:
2000-11-14-16:37:06 Lipscomb, Al:
"Free Software" as promoted by the Free Software Foundation (FSF)
is a different thing. I belive that the DJB software is Open
Source, but not free.
Unlike Open Source, the phrase "free software" strongly predates the
Free Software
* Felix von Leitner [EMAIL PROTECTED] writes:
[...]
The OpenBSD guys lost their credibility as software security authority
when they decided to include sendmail as standard MTA.
Well, we all know why they cannot include qmail. :-/
Theo is rumored to have said something like "There were
On Wed, Nov 15, 2000 at 01:21:40PM -0500, Dave Sill wrote:
Adam McKenna [EMAIL PROTECTED] wrote:
I think "select few" as you have used it needs clarification -- even if only
one half of one percent of all advanced C programmers are part of the "select
few", that's still hundreds or
On 15 Nov 2000, Paul Jarc wrote:
If you want to see some of the tests he does, check out rts.tests that
comes in the djbdns distribution.
That sort of thing has its place, but it's not really related to
auditing at all. Mostly, it's good for detecting compilation
problems.
Several
Dave Sill [EMAIL PROTECTED] writes on 15 November 2000 at 13:09:25 -0500
"David Dyer-Bennet" [EMAIL PROTECTED] wrote:
Dan is probably right that no special permissions are needed to make
normal uses of his code (which is what he says on his web pages), but
if the corporate lawyer isn't
1 - 100 of 164 matches
Mail list logo