Jack Lloyd lloyd@randombit.net
Tue Nov 6 12:16:15 PST 2007

On Tue, Nov 06, 2007 at 11:51:21AM -0800, Rick Moen wrote:

> I've always carefully sidestepped claims about the $500^W$1000 bounty
> and qmail security problems, but I hyperlink to some of the dogfighting 

I've never seen much value in prizes like that. It always seems to
make the developers get very defensive, usually complete with web
pages like DJB's, explaining how any flaws found so far don't count.

And consider the value proposition a $500 prize offers to someone who
has the skills to audit qmail and have a reasonable chance of finding
a security flaw. They can try to find a flaw, and *if* they find
something and *if* DJB actually pays out, they get a prize that's
about what they would make in a day doing security audits for paying
customers. And if you're looking for fame (or an exploit to sell),
you'll look at sendmail or Postfix long before qmail, since they are
vastly more popular.
