At 01:02 PM 12/3/94 -0500, Bob Manson wrote: >I have a basic problem with partial disclosure: who decides who is >"eleeet" enough to receive the full disclosure? If you're not in the >"in crowd", you lose. And that's fine with me, ultimately--if 8lgm >decides they don't want to do full disclosure, that's up to them. But >that doesn't mean the rest of us can't and won't disclose everything >that we know in a free environment. This rings true to me. Take the bug that bit IBM a couple of months ago regarding the interaction between logind and login. Many people at our site beat on IBM because of such a wide hole that had been fixed in other systems long before. But they had no answer when I asked "so if you worked at IBM, who could you ask to get a list of known security holes in BSD or whatever so that you could make sure your operating system has fixed them?" -- Bill Nickless nickless@mcs.anl.gov +1 708 252 7390 http://www.mcs.anl.gov/people/nickless