[89577] in North American Network Operators' Group
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory
daemon@ATHENA.MIT.EDU (Michael.Dillon@btradianz.com)
Mon Mar 27 03:50:18 2006
In-Reply-To: <4424B223.9050203@linuxbox.org>
To: nanog@merit.edu
From: Michael.Dillon@btradianz.com
Date: Mon, 27 Mar 2006 09:53:04 +0100
Errors-To: owner-nanog@merit.edu
> > You seem to be inferring that it is a bad thing to silently
> > patch bugs which may have security implications. The OpenBSD
>
> Full disclosure, we believe in it.
That's why OpenBSD and other projects publish the full source
code. That is full disclosure.
> I wonder if the same network operators will be happy about potentially
> millions of compromised sendmail servers globally.
The world of the network operator is a world of defending against
other people with malicious or broken software. This sendmail
issue is nothing new. Network operators would love to be able to
influence other people's behavior in a positive way, but history
has shown that this meets with little success and is less effective
than strengthening defenses.
--Michael Dillon
