[13] in bugtraq
Re: Internet Worm
daemon@ATHENA.MIT.EDU (Bennett Todd)
Mon Oct 17 22:22:59 1994
From: Bennett Todd <bet@ritz.mordor.com>
To: bugtraq@fc.net
Date: Mon, 17 Oct 1994 20:46:56 -0400 (EDT)
In-Reply-To: <9410172311.AA10976@snark.imsi.com> from "Perry E. Metzger" at Oct 17, 94 07:11:15 pm
Perry E. Metzger <perry@imsi.com> wrote:
> You don't and can't know what you are messing up.
Then it's critically important to figure out what, and how to avoid messing
it up.
> The whole point is that the vendor is responsible for problems in
> their system and should fulfill its obligations to customers who've
> bought its software. Saying "quit bitching; use public sources" is
> dangerously wrong.
"The vendor is responsible" doesn't found like reality. "Wait for the vendor
to behave responsibly and fix it" is pretty dangerous too. Where does the
most responsible course lie? I dunno. But Sun has made it clear that they
won't be shipping a secure, robust OS anytime in the forseeable future.
Their response to security bug reports is "fixed in Solaris 2"; Solaris 2 is
still in alpha, in terms of robustness and stability, and promises to remain
so until the current crop of managers is fired at Sun. I ain't holding my
breath.
-Bennett
bet@mordor.com
