[14168] in bugtraq


Re: Distributing Patches in Email (was: RE: EZ Shopper 3.0

daemon@ATHENA.MIT.EDU (der Mouse)
Tue Mar 7 01:30:07 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id:  <200003040045.TAA02071@Twig.Rodents.Montreal.QC.CA>
Date:         Fri, 3 Mar 2000 19:45:22 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

> As someone who works for a vendor that does distribute product
> updates via email, I feel that I need to respond.  An exception to the
> rule Marc mentions should be non-executable, strongly signed updates.

Not good enough - it's too easy for someone to save an old update, then
much later, after bugs are known in it, forge mail from you including
the "update", thereby reintroducing known bugs into the customer's
system.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
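
Added example, not part of der Mouse's message: a sketch of the replay he describes, where a client that checks only the signature reinstalls an old, validly signed update, next to a client that also refuses anything not newer than what it has installed. The names, key and version counter are assumptions made for this illustration (the post proposes no countermeasure), and HMAC-SHA256 stands in for the vendor's signature scheme so the code runs with the standard library only.

```python
import hashlib
import hmac

# Constructed key; HMAC-SHA256 is a stand-in for the vendor's real signature.
VENDOR_KEY = b"constructed-demo-key"


def sign_update(version: int, payload: bytes) -> bytes:
    """Vendor side: the signature covers the version number and the payload."""
    msg = version.to_bytes(4, "big") + payload
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()


def signature_ok(version: int, payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_update(version, payload), sig)


class Client:
    """Customer side (hypothetical): remembers the version it has installed."""

    def __init__(self, check_version: bool):
        self.installed_version = 0
        self.check_version = check_version

    def apply(self, version: int, payload: bytes, sig: bytes) -> str:
        if not signature_ok(version, payload, sig):
            return "rejected: bad signature"
        # Assumed countermeasure: a valid signature is not enough, the
        # update must also be newer than what is already installed.
        if self.check_version and version <= self.installed_version:
            return "rejected: not newer than installed version"
        self.installed_version = version
        return "installed"


def demo() -> dict:
    # Constructed updates: update 1 is later found buggy, update 2 fixes it.
    old = (1, b"update-1", sign_update(1, b"update-1"))  # saved when first sent
    new = (2, b"update-2", sign_update(2, b"update-2"))
    results = {}
    for name, check in (("signature_only", False), ("with_version_check", True)):
        client = Client(check_version=check)
        client.apply(*old)
        client.apply(*new)
        # Much later, the saved old update arrives again in forged mail.
        results[name] = (client.apply(*old), client.installed_version)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the version number is inside the signed data, relabelling the old update with a higher version invalidates its signature.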
