Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
  • Date: Thu, 3 Aug 2000 20:42:26 +0200
  • Message-id: <20000803204226.G9035@xxxxxxxxxxxxx>
On Wed, Aug 02, 2000 at 23:45 +0200, Thilo Bangert wrote:
>
> Second, one needs to mention all the bugs Microsoft fixes
> without the public being aware of such. Just today there has
> been a post on bugtraq proclaiming a w*n2k bug. It took
> microsoft *4* minutes to post a message, saying that a patch
> for excactly this vulnerability was available.

Not that I'm sure how this one went, but it's usual (I hope so)
and good habit to talk to an author before blaming him in public
when finding security related bugs. So the problem report *and*
a work around or real fix update come together with still due
credit to whoever had which part in this. Everything else will
leave the _users_ behind with a vulnerable system and no cure,
while kiddies and other idiots know where to go to and burgle in.

It's about thinking before taking wild action. :)

> Besides I don't want to know how many bugs win2ksp1 fixes (its
> 87 megs big!)

This could be mostly due to the delivery being done in binary
form. The source diff might be tiny, but when it's in the base
and almost every executable is involved, ...

Not that I'm a Windows fan (the ones knowing me know better:),
but there might be valid reasons.


virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

< Previous Next >
References