dotProject Forums


17-06-08, 11:09 AM
Karen
Utter Fanatic
dotProject Version: 2.1.3
php Version: 5.2
MySQL Version: 5.2
Operating System Version: Linux
Browser: Firefox
Join Date: 13-04-04
Posts: 2,443
We don't pay for bug reports on dotProject

After all these years as an admin on dotProject, you get to the point where you think you've seen it all. Having spent, what is increasingly close to 50 years on the planet does give you some expectations with regard to other people's behaviour. But every now and then along comes somebody who just reminds you that there are always new depths to be plumbed.

Yesterday evening (my time) a new user signed up to these support forums and immediately sent me this Private Message:

I found critical sql injection in dotrojekt 2.1.1

It can be exploited to manipulate the SQL query and may reveal sensitive information.

I can open it for some donation.

I then watched this person read my response which politely advised that we'd be happy to lodge the details of the SQL injection quickly and provide a fix to the community - no response / no details, needless to say, were forthcoming.

I'm assuming that this person fully understands the legal definition of "extortion" and "blackmail". I am further assuming that they don't care, that this is some sort of new money making scheme for at least this person - money, after all, being the only thing that matters in this entire world. Why not take money when you obviously don't have integrity, brains, compassion, community spirit or intelligence?

So just on the off chance that there are any other lowlifes lurking around under their rocks out there: we will not be paying anything for any bug reports. Scare tactics are not funny and they are most definitely not effective.

So which I know is a throw-away mailbox (but unfortunately their site is in Russian and I can't find a report lowlife's link in English), congratulations. By some quirk of human nature it's sometimes possible to forget that for every decent human being out there - who contributes to an open source project with no thought of personal monetary gain, glory or aggrandisement, without putting down the hard working people who contribute freely of their time and effort, without expecting anything much in return - there is at least one thing like you.
I love deadlines. I like the whooshing sound they make as they fly by. Douglas Adams

Please do not use Private Messages to ask support questions.

All times are GMT +10.
