[Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?

Evan Carroll lists at evancarroll.com
Sun Apr 11 17:08:59 GMT 2010

On Sun, Apr 11, 2010 at 12:31 AM, Andrew Rodland
<andrew at cleverdomain.org> wrote:
> Please, make some more public insults.

Your modus operandi consists of acting authoritative and aggressive in
the hopes of soliciting a negative reaction. I've never seen you be so
direct before.

> I would be even further entertained if you would make more sweeping declarations about modules you didn't even read the documentation for and have never used in your life

Would you point to a single accusation that I've been wrong on in this
entire thread?

> and submitted some more patches that duplicate functionality poorly.

Feel free to speak your points with patches at your own expense in
time: I did. I also don't appreciate you calling my contributions
poor, or anyone else's for that matter.

> You can put on a show all you like for these people. If you keep it up, you can even get me to quit just to avoid your toxic presence. But I know you far too well.

You're going to quit what? Mailing list? Tread? Community involvement?
Development with Catalyst? Just because you entered into a
conversation where you have, so far as I can see, given me little but
insults. Ok, lets start the show and select only statements from
Andrew Rodland's (hobbs) posts *on this thread about the issue I filed
on RT.* We can start with one from this letter:

    -- Last post
    "Please, make some more public insults."
    "You'll never convince me that you're doing anything but trolling."
    "On that topic, when did you stop being banned on this list? I'm
guessing "never"."
    -- April 10
    * "complexity of storing them separately"
    * "Why would you add duplicate functionality that's inferior to
what it duplicates?"

    -- March 24 (first post, and your personal introduction to the topic)
    * "It would be if anything you said were true; fortunately it's not"
    * "both available methods of doing salted passwords with ...
      Catalyst::Plugin::Authentication do salt entirely the correct way."
    * "Your unncecessary and condescending lectures are, however, greatly
      appreciated as usual."

Ok, March 24, was kind of dude, I probably should have just block
quoted the whole response rather than breaking it up into ad hominem
statements. I still have your original response from RT.

    -- RT March 24
    * "I have no idea what distribution you intended to file this bug
against, but
      it's obviously not the one you *did* file against, which does nothing even
      vaguely resembling reading salt from a config file."

Yea, I'm putting on a show: I'm calling you out. That's me being
direct. I've acted hostile to you in the past to my own detriment. In
my own mind - and maybe I'm wrong -- I doubt there are many unbiased
readers sitting on your side. Oh, and I've never been banned from this
list, not even for a second, perhaps you're confusing me for someone
else? By any means, wrong again.

With love,

Evan Carroll
System Lord of the Internets

More information about the Catalyst mailing list