[11629] in bugtraq
Re: ... / wu-ftpd <=2.5 / ...
daemon@ATHENA.MIT.EDU (Jason Downs)
Wed Sep 1 07:32:04 1999
Message-Id: <199908302213.PAA11286@ix.downsj.com>
Date: Mon, 30 Aug 1999 15:13:14 -0700
Reply-To: Jason Downs <downsj@DOWNSJ.COM>
From: Jason Downs <downsj@DOWNSJ.COM>
X-To: lundberg@VR.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Gregory A Lundberg <lundberg@VR.NET> of "Sun, 29 Aug
1999 01:30:05 EDT." <19990829013004.G19924@vr.net>

In message <19990829013004.G19924@vr.net>,
Gregory A Lundberg writes:
>Which is WHY you should report bugs to the developers first. We know
>enough about the code to build a correct patch. We'll probably even test
>it against a couple machines before releasing it. Heck, we might even fix
>more than the narrow case you saw.
>
>In this case the patch fixes the problem he _saw_ (but not the one he
>missed), and ONLY on his Linux box (not on lots of other systems). If he'd
>have bothered to simply ask the developers of ANY of the packages he
>discussed, he'd have gotten a review/correction of SOME of his patches. He
>didn't. So his patches are wrong. Such is the quality of _patches_ on
>Bugtraq. Let's face it people: if you take a patch from just anyone you
>deserve what you get.

It would be nice if the developers of security-critical software such as
ftp daemons showed as much enthusiasm for quality by finding and fixing
stupid bugs before releasing their code to the public in the first place.
--
Jason Downs
downsj@downsj.com
Think securely. http://www.openbsd.org/