Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aleph One: "STOP!"
• Previous message: Bruce Barnett: "Re: Full vs. Partial Dsiclosure"
• In reply to: Paul Howell: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• Next in thread: Doug Siebert: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"

>
>Gene Spafford writes:
> > [...deleted...]
> > I'm also not trying to reopen the debate about full vs. partial vs. no
> > disclosure.  I'd like to see some hard evidence for things, though,
> > and *not* debate.  Even my experience has been anecdotal (but I
> > believe that it is more representative of the true user community than
> > these lists are).  Statements to the effect that "policy X produces
> > patches faster than policy Y" should be backed up by testable data.
> > Otherwise, they fall in the category of faith healing, diet aids, and
> > sightings of Elvis -- the observer may believe it is true, but there
> > is no controlled way to demonstrate it to skeptical observers in a
> > general setting.
>
>Stating the obvious here, but we seem to be in the experiment now.
>
>With 8lgm in the past, going with full disclosure.  One needs
>to recall how quickly sun/ibm came up with patches for published
>holes.

Change that in: "how quickly Sun came with not-working patches"
Note too that the patch that finally fixed the /var/spool/mail
race conditions appeared months after the last 8lgm advisory.


Casper

• Next message: Aleph One: "STOP!"
• Previous message: Bruce Barnett: "Re: Full vs. Partial Dsiclosure"
• In reply to: Paul Howell: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• Next in thread: Doug Siebert: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"