Yes, I specified incompetent *in another field*. Not checking for integer overflows and relying on your program being run with a virtual memory limit for security instead is incompetence in the field of secure service programming. Sure, I trust him to write crypto code though.
This, by the way, makes *perfect sense* when you consider that writing secure crypto code is all about *minimizing* condition checks and branches and working with fixed sized data blobs, while writing secure app code is the exact opposite, checking and validating everything.
Which also means I also wouldn't want him anywhere near an x509 parser or PKI implementation, but very happy to have him write the underlying crypto primitives :-)
Not sure if that's the context though. https://en.wikipedia.org/wiki/Qmail#Security_reward_and_Georgi_Guninski's_vulnerability … IMHO djb knows what's going on, this has always been about the reward.
If he knew what was going on he'd have fixed the bug 15 years ago, even if he declined to reward. The fact that he didn't fix it makes him incompetent and his software dangerous to run. If he had declined to reward only then he'd only be a bit of a dick :)