David Dyer-Bennet <[EMAIL PROTECTED]> writes:
> Ian Lance Taylor <[EMAIL PROTECTED]> writes:
>
> > Obviously there isn't anything wrong with qmail. And obviously these
> > bug reports are highly misleading in implying that there is a bug
> > which needs to be fixed in qmail. But I do think that the bug reports
> > have a point: if you install qmail-1.03 according to a reasonable
> > reading of the instructions which come with the tar file, your system
> > may be vulnerable to a theoretical denial of service attack. The fact
> > that other people tell you to install qmail in a different way is
> > interesting, but does not change the fact that qmail-1.03 comes with
> > installation instructions which at least some people will naturally
> > follow. I certainly did in my first qmail installation.
>
> Even if you *do* use softlimit to block that *particular* issue, you
> are *still* subject to various theoretical DOS attacks. *Any* server
> is subject to theoretical DOS attacks.
Well, sure.
This whole thing is not an engineering issue. It is a political
issue. (I don't personally find it surprising that somebody with the
personality that DJB displays on the Internet is the target of
political attacks.)
I was just trying to look at the bug reports to see whether they were
complete fabrications. I happen to think that they do have a vague
connection to reality. That doesn't mean that this is an significant
issue. As I said above, ``Obviously there isn't anything wrong with
qmail.'' It just means that I believe that the bug reports are not
complete fabrications.
DJB's earlier message asked whether people would be willing to testify
in court, suggesting that he may be thinking of bringing a court case.
If he is indeed thinking of this, I would urge him to not do it. I
expect, since the bug reports are not actually lies, that he would
lose.
Ian
