[1861] in Release_7.7_team
8.2.20 push for a quick release
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Jul 14 05:25:24 1999
Date: Wed, 14 Jul 1999 05:25:12 -0400
Message-Id: <199907140925.FAA01219@stratton-eight.mit.edu>
To: release-team@MIT.EDU
From: Jonathon Weiss <jweiss@MIT.EDU>
With the exploits that have been posted on bugtraq for the cmsd hole,
I think we should push for a rapid deployment of 8.2.20 to the field,
preferably with the release occuring tonight.
Reasons to do the release sooner rather than later:
* I belive that the chance of someone collecting an exploit
off of the net and pointing it at at least some athena
machines between now and Monday night is better than 50/50.
* Since /etc/inet/inetd.conf is the only file changed, I think
this is a relatively low risk release
Reasons to do the release later rather than sooner:
* We try to avoid doing releases without an advance announcement
(I'm taking the liberty of sending a piece of mail that warns
of a possible patch release, but does not commit us to doing
one.)
* There is a fairly easy set of commands to disable the hole
for ayatem administrators who are really worried, and don't
want to wait.
I believe the former reasons outweigh the latter.
--
Jonathon