Full Disclosure mailing list archives
Re: GUNINSKI THE SELF-PROMOTER
From: Valdis.Kletnieks () vt edu
Date: Sun, 20 Jul 2003 01:25:20 -0400
On Sat, 19 Jul 2003 22:43:36 EDT, "mattmurphy () kc rr com" <mattmurphy () kc rr com> said:
> point. You whine about two weeks to produce a patch from MS, and then you wait for an open source project to patch a bug for almost a month, they don't even start, and you still praise their project. That's hypocrisy Georgi, no matter what you call it.
How about we factor in the budgets allocated to each of:

security () microsoft com
vim-security () wherever it.lives

This is something that often gets overlooked in calls for liability for software vendors - the fact that it's *really* difficult to write the laws such that large commercial vendors have to take notice, but not make it prohibitively risky to release open-source freeware.

There's nothing at all "hypocritical" in holding a large vendor to a higher standard than a private project - one can reasonably expect that Microsoft can find the resources to have a security bug looked at within 24 hours. On the other hand, a lot of open source software is maintained by just one or two people. Expecting 24 hour responses there means that if you release open source software, you're agreeing to never get sick, to never take a 4-day weekend to see a brother or sister get married, or any of those other pesky things that interrupt when you're busy having a life....

I'll just add in parenthetically that I've never seen a vim exploit that was potentially able to remote-root exploit 95% of the computers in the world. One needs to factor the severity into the expectations of response time. ;)

Now as to whether the 'vim' crew met whatever lower standard we should require of them - *THAT* is a different can of worms I'm not going to open. :)
Current thread:
- RE: Re: GUNINSKI THE SELF-PROMOTER, (continued)
- RE: Re: GUNINSKI THE SELF-PROMOTER Andrew Thomas (Jul 16)
- RE: Re: GUNINSKI THE SELF-PROMOTER Melvyn Sopacua (Jul 15)
- Re: GUNINSKI THE SELF-PROMOTER mattmurphy () kc rr com (Jul 15)
- Re: GUNINSKI THE SELF-PROMOTER Georgi Guninski (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER pandora (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER Georgi Guninski (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER dhtml (Jul 15)
- Re: GUNINSKI THE SELF-PROMOTER mattmurphy () kc rr com (Jul 18)
- Re: GUNINSKI THE SELF-PROMOTER mattmurphy () kc rr com (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER w g (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER Troy Solo (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER Valdis . Kletnieks (Jul 19)
- Re: Vendor v. Open-Source Response (was GUNINSKI THE SELF-PROMOTER) Karl DeBisschop (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER Georgi Guninski (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER w g (Jul 19)
- Re: GUNINSKI THE SELF-PROMOTER Muhammad Faisal Rauf Danka (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER mattmurphy () kc rr com (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER northern snowfall (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER Jeremiah Cornelius (Jul 22)
- Re: GUNINSKI THE SELF-PROMOTER northern snowfall (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER dhtml (Jul 20)
- Re: GUNINSKI THE SELF-PROMOTER Remko Lodder (Jul 20)
- RE: GUNINSKI THE SELF-PROMOTER Scott Renna (Jul 21)