From: "Geo." 

"Mike '/m'"  wrote in message
news:d2n6vusd1ei9p7h6a8kvc70igti218vjj5{at}4ax.com...

> So I can look at the source code, so I can fix a bug that I find (if I
> choose to do so), so that I can add a feature, etc. etc. etc.  Just
> because  product is open source does not mean that *every* user needs
> to see/use the source.

I understand this difference, but my point has been that unless you are a
programmer, and a damn good one at that, you aren't going to be doing
anything but compiling the source. As an example of this I have been trying
to point out to you that the posts here in this group are almost always
concerning configuration or use or what version to use to get that feature
and never stuff like "oh here, I patched that for you"..

If it was as important as you make it out to be to users then would we not
see code snippets being passed around in this support group? In fact have
you EVER seen anyone EVEN SUGGEST someone patch the source code as a cure
for a problem?


> >You talk about using third party patches, sort of like the ones that
> >were released for IIS or the configuration options I posted for NTmail
> >exploits?
>
> I can't compare the patches I was talking about to the ones you speak
> of because i never saw the ones you speak of.

Drop in the ntmail group, I just posted an exploit that allows anyone to
email all addresses in an email domain, get around all the filters, and you
can do it anonymously. And I posted a configuration change or a redirect
config that can be used to disable this exploit.

> > Nobody needs the source code to IIS to write an ISAPI filter or
> >to change a system variable.
>
> So?  What's your point here?

It only matters to programmers. (source code that is)

> >Who patched Sendmail?
>
> I use Postifx, so i can't comment on this.

Has postfix ever needed a patch and if so did it come from the postfix team?

> That's your strawman, have fun with it.

It's not a strawman, we are talking about downloading patches from someone
other than the original author and it's a very real concern. The security
lists have had patches posted to them that would compromise your box. If a
major exploit were discovered in an open source product I think it very
likely that the same hackers would try to take advantage of the public's
rush to patch. As open source becomes more popular this will become a huge
issue.

> Geo., your ignorance of how Open Source works is really making you
> post foolish things.  Perhaps you should take more time to educate
> yourself....

http://cert.uni-stuttgart.de/archive/focus-linux/2002/05/msg00057.html
http://www.securityfocusonline.com/news/1113

It's pretty clear to me how open source works.. It's also pretty clear to
me how to exploit the open source system. That second link would have been
front page news if it had been MS instead of sendmail team, I wonder how
you would have viewed it then?

Geo.

--- BBBS/NT v4.01 Flag-4