Bugtraq mailing list archives

Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

From: casper () fwi uva nl (Casper Dik)
Date: Tue, 29 Nov 1994 10:17:47 +0100


Gene Spafford writes:

[...deleted...]
I'm also not trying to reopen the debate about full vs. partial vs. no
disclosure.  I'd like to see some hard evidence for things, though,
and *not* debate.  Even my experience has been anecdotal (but I
believe that it is more representative of the true user community than
these lists are).  Statements to the effect that "policy X produces
patches faster than policy Y" should be backed up by testable data.
Otherwise, they fall in the category of faith healing, diet aids, and
sightings of Elvis -- the observer may believe it is true, but there
is no controlled way to demonstrate it to skeptical observers in a
general setting.


Stating the obvious here, but we seem to be in the experiment now.

With 8lgm in the past, going with full disclosure.  One needs
to recall how quickly sun/ibm came up with patches for published
holes.


Change that in: "how quickly Sun came with not-working patches"
Note too that the patch that finally fixed the /var/spool/mail
race conditions appeared months after the last 8lgm advisory.


Casper

Current thread:

Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994, (continued)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Alan Hannan (Nov 28)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Paul Howell (Nov 28)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 28)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Karl Strickland (Nov 28)
    - Full vs. Partial Dsiclosure Nathan Lawson (Nov 28)
    - (fwd) In reply to comments about new policy (fwd) Paul 'Shag' Walmsley (Nov 28)
    - Re: (fwd) In reply to comments about new policy (fwd) anthony baxter (Nov 28)
    - Old vulnerability disclosure please? (fwd) Jeon Young-mi (Nov 29)
    - Re: (fwd) In reply to comments about new policy (fwd) Pug (Nov 30)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Robert M. Haas (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Casper Dik (Nov 29)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Doug Siebert (Nov 29)
  - STOP! Aleph One (Nov 29)
- Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Pete Hartman (Nov 28)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Pat Myrto (Nov 29)
    - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Karl Strickland (Nov 30)
- Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 RAS () CACDVAX CACD ROCKWELL COM (Nov 29)
  - Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994 Gene Spafford (Nov 30)