> Getting code right is hard. Getting code right in a complex system is > *very* hard. While one can, I claim, do better for security stuff than > in the general case, I do not think it is humanly possible to build > a large system with no security flaws. (And yes, I put firewalls in > that category -- which is why good firewalls are as small and simple > as possible.) Absolutely. I've been a SysAdmin for a while now and I learned very quickly that it's just not a bright idea to install a patch unless you need it. This can be said for a lot of things. If you subscribe to chaos theory (and I do) then you would be better off accepting that you *will* introduce new bugs (and possibly security bugs) while fixing old ones. In that case, you should release the source with the patch, or your customers need to accept that you may get it wrong the first time. --Randy