alt Hacker NewsWhen you offer up an alternative as technically superior in some manner then yes, it is on you to demonstrate such a claim in a convincing manner. "No bugs in 3 years in this software with a much smaller audience and also look AI audits!" comes across as off topic shameless self promotion. At least if an insightful technical discussion ensued the subthread might prove worthwhile but so far it's just the usual tired shit flinging.
I have far more evidence of a very good security record with MaraDNS than “No bugs in 3 years in this software with a much smaller audience and also look AI audits!”
• The software has been around for 25 years
• The software is popular enough to have been subjected to dozens of security code audits, including two audits in the post-AI era
• In those 25 years, only two remote “packet of death” bugs have been found
• Also, in those same 25 years, only one single bug report of remotely exploitable memory leaks has been found
This isn’t something which, as implied here, has a lot of security bugs only because no one has used or audited the software. This is a long term, mature code base which has only had a few serious security bugs in that timeframe.
Here is my evidence:
https://samboy.github.io/MaraDNS/webpage/security.html
If this evidence isn’t “convincing” to you, I don’t know what evidence would be “convincing”.