[pro] Heartbleed?

William Lederer william.lederer at gmail.com
Mon Apr 28 15:52:03 UTC 2014


Sorry, I am familiar with the controversy regarding his personality and his
argument about the denial of service issues and the claimed security bug
that happens if the size allocated to qmail exceeds the number of bytes
countable in 32 bits. Yes, he is arrogant, but he does work of the first
order.

I stand by my recommendation, and stand by the assertion that secure coding
can and has been done in C.

What is lost in this controversy is the sheer magnitude of vulnerabilities
in sendmail historically.

wglb


On Mon, Apr 28, 2014 at 9:19 AM, Antoni Grzymała <antoni at grzymala.info> wrote:

> Thus spoke William Lederer (2014-04-28, 09:09):
>
> > And I again point out a software non-disaster qmail, whose author
> > offered a bug bounty. Secure programs can be written in C.
>
> I think you should stop glorifying qmail; it has known bugs, violates
> some RFCs and the author (who turns out to be rather arrogant here)
> wouldn't pay out the bounty:
>
> http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
>
> --
> [アントシカ]