In message <[EMAIL PROTECTED]>,
Gregory A Lundberg writes:
>Which is WHY you should report bugs to the developers first. We know
>enough about the code to build a correct patch. We'll probably even test
>it against a couple machines before releasing it. Heck, we might even fix
>more than the narrow case you saw.
>
>In this case the patch fixes the problem he _saw_ (but not the one he
>missed), and ONLY on his Linux box (not on lots of other systems). If he'd
>have bothered to simply ask the developers of ANY of the packages he
>discussed, he'd have gotten a review/correction of SOME of his patches. He
>didn't. So his patches are wrong. Such is the quality of _patches_ on
>Bugtraq. Let's face it people: if you take a patch from just anyone you
>deserve what you get.
It would be nice if the developers of security critical software such as
ftp daemons showed as much enthusiasm for quality by finding and fixing
stupid bugs before releasing their code to the public in the first place.
--
Jason Downs
[EMAIL PROTECTED]
Think securely. http://www.openbsd.org/
