qmail Re: freebsd - Re: recommended Virus Scanner?
On Sat, 29 Nov 2003, Tom wrote:
> On Sat, Nov 29, 2003 at 09:55:59AM -0500, Paul Morgan wrote:
> > On Sat, 29 Nov 2003 04:34:43 -0800, Karsten M. Self wrote:
> >
> > >
> > > Bernstein pays $500 for each verifiable security hole in qmail.
> > > Following the same premise as for Knuth, you should find this a
> > > similarly lucrative opportunity. You might find the page detailing this
> > > offer of interest:
> > >
> > > http://cr.yp.to/qmail/guarantee.html
> > >
> > >
> > >
> > > Peace.
> >
> > Actually, the reward is for the *first* verifiable security hole in qmail.
> > Six years now, and no-one's found one.
>
> I have an out: I said arbitrary *large* block of code. When I said
> large, I was thinking "operating-system sized set of code", i.e., many
> programs.
and you weren't in it for the $$$ ??
(just that bugs and exploits exists? )
> The site itself says that people have experienced many problems with the
> total set of programs surrounding qmail. And that confirms my belief.
6 yrs w/o a exploitable security hole is a very good track record (
security wise ) .. wonder how many people are looking for one ..
vs it seems to be standard proceedre for everybody to go looking for
holes in sendmail :-)
<smiley>
and i'd hate to hire/be the dude working for 6yrs and still looking for a
security hole for the $500 :-)
</smiley>
c ya
alvin
Reply to: