Re: [SL] SQL-Ledger vulnerability CVE-2006-4244

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

What *IS* bullshit, now that you started using foul language, is the way
you and your name sake are and have been going about it. Lying about
alleged censoring, forging headers, whining about Simader's attitude
towards Open Source (which is contrary to your politics), and now this FUD.

Besides that nobody has a *RIGHT* to anything, "the application is"
*NOT* "severely flawed". There are simple remedies, such as .httaccess
and not so simple ones as SSL, and this wannabe fork. Speaking of which,
would you mind taking it and yourself and your whiner buddies elsewhere?
Preferrably where the sun don't shine, but at least to another  list, I
am quite willing to set up "SL-wannabes" for you.

Mr Simader has fixed all bugs that I have reported within hours.

el

on 9/7/06 11:41 PM Christopher Murtagh said the following:
> On 9/7/06, Trevor Hennion <tre...@th...> wrote:

>> Undoubtedly the problem should be fixed - but it does NOT affect all
>> SQL-Ledger users, so I think some proper reporting of the vulnerability
>> is required - currently it sounds like scare mongering - or does it just
>> happen to coincide with this fork?
> 
> That is total BS. There are people who are using internet facing
> installations of SL, this can be demonstrated by a google search for
> 'SQL-Ledger version'. They have a right to know that their application
> is severely flawed. Numerous attempts to get Dieter to fix this
> problem have been ignored, only by going public with this did he start
> to make noises about fixing it. While we were talking to him off list
> about it, he kept on insisting that it wasn't a security problem. If
> this is so, why is he fixing it now that it is public? It's either a
> problem or it's not.

-- 
Dr. Eberhard W. Lisse  \        / Obstetrician & Gynaecologist (Saar)
el...@li... el108-ARIN /   *   |   Telephone: +264 81 124 6733 (cell)
PO Box 8421             \     / Please send DNS/NA-NiC related e-mail
Bachbrecht, Namibia     ;____/             to dns...@na...