[OT] Re: Don't send me a private copy of list-mail

Christopher Chan christopher.chan at bradbury.edu.hk
Fri Jul 17 04:38:04 UTC 2009


Jay Daniels wrote:
> On Fri, 2009-07-17 at 11:43 +0800, Christopher Chan wrote:
>>>> Blanket statement with absolutely no proof. While I will not use qmail 
>>>> for anything MX related, I might use it for outgoing email purposes or 
>>>> for list email.
>>>>
>>>> As for 'no longer use any of his stuff' there is no equivalent for 
>>>> djbdns. Nothing out there has the performance and security record of 
>>>> dnscache.
>>>>
>>>>
>>>> Ever since his stuff has been put into the public domain, packages for 
>>>> djbdns have appeared for a fair few operating systems now that their 
>>>> primary problem (his 'licensing') has gone.
>>>>
>>> Did Bernstein ever give Guninski the $500 reward?
>>>
>>>
>> Not sure if using a specific compiler on a specific operating system, 
>> specifically compiling in 64-bits and also specifically using a 
>> configuration that no one would set up in practice makes Guninski's claim 
>> authentic. Granted it is a bug on 64-bit but it is not exactly root 
>> hosing in any and every installation and to see so many preconditions 
>> related to an operating system, its toolchain and a wacko configuration 
>> that you have to specifically set up to get a root exploit after years of 
>> scrutiny kind of underscores the integrity of a codebase that has not 
>> been touched since 2001.
>>
>>
>> It was not like I would have to scramble to recompile all my qmail 
>> installations...something that one has to do if one is running sendmail.
>>
>> You are free to make your own judgement call on the fairness of the 
>> Guninski claim. I personally do not think much of a bug that can be 
>> turned into a root exploit by first making several preparations that 
>> nobody does.
>>
>
> Well, I believe the challenge was met no matter what the means.  Damn,
> it's like placing a bet and refusing to pay off because you believe
> the ref made a bad call in the 4th quarter.
>

Football games are inherently not predictable. The case here is about 
proving something, not making a bet. A completely concocted edge case for 
a technical problem in an environment that did not quite exist when 
the code was first made is kinda hard to justify as proof of a security hole.
