Bugtraq mailing list archives
Re: UnixWare
From: mouse () collatz mcrcim mcgill edu (der Mouse)
Date: Fri, 29 Apr 1994 09:30:48 -0400
This all got started because I tried to remind people that CERT/CIAC/NASIRC/ASSIST/Santa Claus is not why we have problems; they didn't put the bugs in your systems, and they aren't responsible for fixing them.
No, but I had thought they had advertised themselves as a worthwhile place to report them, and my perception, and apparently that of many other people here, is that this is not the case.
The bugs came from your vendors, and it is up to those vendors to provide working fixes.
In many cases, the bugs come from the original BSD (or sometimes V7) code, and knowing this is valuable to those who are working with a non-vendor version derived from that same code. But CERT never says anything like this; all they ever seem to say is "<foo> is a security hole. The following vendors have patched versions available, here's where to get them.", which is useless in helping people with other vendor versions, or people with non-vendor versions, decide whether they are at risk. That's one reason I subscribed to bugtraq - in the hope of actually finding out enough about bugs to let me determine when I'm vulnerable. And I'm glad to say it's done that. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: UnixWare, (continued)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare (I think it's time to pick a new subject) Doug Hughes (Apr 28)
- Re: UnixWare Marc W. Mengel (Apr 29)
- Re: UnixWare Daniel R Ehrlich (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare Bennett Todd (Apr 28)
- Re: UnixWare Icarus Sparry (Apr 28)
- Re: UnixWare Gene Spafford (Apr 30)
- Re: UnixWare Paul Walmsley (Apr 30)