Full Disclosure mailing list archives

Re: Third party patches, a matter of trust by n3td3v

From: coderman <coderman () gmail com>
Date: Thu, 30 Mar 2006 04:40:22 -0800

On 3/29/06, n3td3v <n3td3v () gmail com> wrote:


Third party patches, a matter of trust

Why are third party patches a bad thing?


they are only a bad thing if they are not trusted and not well tested.

They force Microsoft to rush out a patch before
Q.A testing has been fully completed in the time scale
Microsoft would have initially hoped.


M$ is never forced to do anything.

a short / inadequate test cycle for the third party patch is indeed
something to consider though.  (presumably anyone deploying a third
party patch is also doing much more testing than they would for a M$
tested and sanctioned patch)

Is it responsible for eEye to release a third party patch before Microsoft?


absolutely.

is it responsible for any system administrator to apply the eEye patch?
that depends on trust and testing... :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Third party patches, a matter of trust by n3td3v n3td3v (Mar 29)
- Re: Third party patches, a matter of trust by n3td3v teh kids (Mar 29)
  - Re: Third party patches, a matter of trust by n3td3v n3td3v (Mar 29)
- Re: Third party patches, a matter of trust by n3td3v Aaron Gray (Mar 29)
- Re: Third party patches, a matter of trust by n3td3v coderman (Mar 30)
- <Possible follow-ups>
- RE: Third party patches, a matter of trust by n3td3v Chris Locke (Mar 29)
  - Re: Third party patches, a matter of trust by n3td3v n3td3v (Mar 29)
    - Phish Registry Stephen Johnson (Mar 29)
    - Re: Phish Registry n3td3v (Mar 29)
    - Re: Phish Registry n3td3v (Mar 29)
    - Re: Third party patches, a matter of trust by n3td3v nick johnson (Mar 30)