Network Security Focus-Linux
Re: Re: Kryptor for Linux released

Subject: Re: Re: Kryptor for Linux released
Date: 2 Dec 2005 16:31:44 -0000

I am not going to reply anymore after this...
"before calling something secure, i would suggest picking up a coding 
tutorial... that extremeftpd looks... well.. horrible (it is (if possible) 
worse than raveftpd)"
I suppose you don't know what cryptography is if you think it is coding 
something. I agree the implementation must be safe but I released it 3 years 
ago and so security bugs were claimed in the code in the meanwhile. The code is 
under GPL; if you find some bug you can give your contribution without sending 
me any e-mail. 

"msg.c is the same "stupidity" all over again, it used to be: 
len = vsnprintf (buf, strlen(buf),"%s", bla);
buf[len] = '\0';"
That bug you are talking about was found during the testing phase; in fact we 
had people trying to find bugs in the code as a hacking game. This led to good 
results and now we released eftpd 0.3.4 that is no longer a testing version 
(since we released it to the public). If you find bugs over there you are 
welcome!

"and you suggest we should trust THAT software is secure??? get real!"
You definitely don't know what you are talking about. 

"pretty neat though... i informed them about a dozen bugs in their ftp daemon, 
and NO appreciation at all..."
I never received any e-mail from you...

"this means, i'm not gonna disclose any bugs i find (believe me, this was just 
the beginning, there is absolutely no reason to use rosiello software... more 
holes than cheddar cheese ;))"
Definitely I don't trust anything you said since you claim bugs were mailed to 
us, but no mail was received. You should appreciate people that produce 
software for free and work for the community. If you evaluate a software as unsafe 
because of bugs in its testing phase, well, probably you should study some 
software life cycle and design book.

yours,
Angelo Rosiello

http://www.rosiello.org
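
The `vsnprintf` pattern quoted in the message above, shown next to a bounds-checked form. This is an added example, not code from eftpd or from either poster; the names `quoted_index` and `fmt_checked` and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Replays the quoted call without the final store and returns the index
 * that buf[len] = '\0' would write to. The size passed is strlen(buf),
 * the length of whatever buf currently holds, not its capacity. */
int quoted_index(char *buf, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, strlen(buf), fmt, ap);
    va_end(ap);
    return len; /* length the full output needs, even when truncated */
}

/* Bounds-checked form: cap is the real capacity (sizeof at the call site).
 * Returns 0 on success, -1 on error or truncation; buf stays terminated. */
int fmt_checked(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int len;

    if (buf == NULL || cap == 0)
        return -1;
    va_start(ap, fmt);
    len = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (len < 0) {          /* output error */
        buf[0] = '\0';
        return -1;
    }
    return ((size_t)len >= cap) ? -1 : 0; /* truncated output is rejected */
}

int main(void)
{
    const char *input = "AAAAAAAAAAAAAAAAAAAA"; /* constructed, 20 bytes */
    char buf[8] = "";

    printf("quoted pattern would store at index %d of an %zu-byte buffer\n",
           quoted_index(buf, "%s", input), sizeof buf);
    printf("checked: %d, buf=\"%s\"\n",
           fmt_checked(buf, sizeof buf, "%s", input), buf);
    return 0;
}
```

Because `vsnprintf` returns the length the complete output would need, the quoted `buf[len] = '\0'` lands past the end of the buffer whenever the formatted string is longer than the buffer.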
