On Mon, Aug 25, 2003 at 10:56:38AM -0700, Don Armstrong wrote:
> I'm personally only really familiar with ISC's dhcpd3-server, but have
> you even read the code written by Ted Lemon? Just randomly slandering
> programmers when you are not intimately familiar with their code isn't
> something that should be done lightly.

In my original post you could read: (You quote it, see below)

---------------------------------------------------------------------
[ I don't like to offend Paul Vixie or ISC programmers. They do good
job in the beginnings of the Internet and probably in these days they
didn't anticipate how hostile will become network for collaboration,
sharing ideas and knowledge, extending freedom ... ]
---------------------------------------------------------------------

So, I think I'm not slandering them or at least that isn't my
intention. I apologize if I did.

> As far as I can remember, the last exploit in dhcpd3-server happened
> well over 2 years ago. While I've never heard of an exploit in udhcp,
> I'm relatively sure it's not as widely scrutinized as dhcpd3-server.

Do you follow DSA?

--------------------------------------------------------------------------
Debian Security Advisory DSA 231-1      [EMAIL PROTECTED]
http://www.debian.org/security/         Martin Schulze
January 17th, 2003                      http://www.debian.org/security/faq

Debian Security Advisory DSA 245-1      [EMAIL PROTECTED]
http://www.debian.org/security/         Martin Schulze
January 28th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

> > [ I don't like to offend Paul Vixie or ISC programmers. They do good
> > job in the beginnings of the Internet and probably in these days they
> > didn't anticipate how hostile will become network for collaboration,
> > sharing ideas and knowledge, extending freedom ... ]
>
> Many of ISC's programs (bind, dhcp) current versions have been
> completely rewritten from scratch, or nearly from scratch. The people
> who wrote them are quite well aware of the current state of hostile
> networks.

AFAIK only bind is "rewritten", but Dan J. Bernstein explained how
they rewrote it. Some of the bugs were the same in version 8 (old
code) and 9 (new "rewritten" code). ;-)

The document can be found somewhere on DJB's site: http://cr.yp.to/
[ I don't like to refer to DJB, but can't remember anything better ]

> > [ BTW, a good measure for security is: don't use ISC software! :-) ]
>
> In many cases, there isn't an alternative for ISC's software. I have
> yet to find a dhcp server that is as featureful and robust as ISC's
> dhcp server. If you're serving a network of 5 computers, udhcpd might
> work for you, but some people use debian to run dhcpd for networks of
> thousands of nodes with hundreds of subnets.

I'm using ISC's dhcp too. But this doesn't mean I must praise it and I
can't see bugs.