[6638] in bugtraq
Re: CERT Vendor-Initiated Bulletin VB-98.04 - xterm.Xaw
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri May 1 01:39:14 1998
Date: Thu, 30 Apr 1998 18:16:15 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@PIERMONT.COM>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Thu, 30 Apr 1998 14:43:46 MDT."
<199804302043.OAA15359@cvs.openbsd.org>
Theo de Raadt writes:
> What is this. Is The Open Group now selling security patches only to
> their members?
>
> I asked the XFree86 people. They have received no communication from TOG
> about this at all. I think this is extremely bad ethics on the part of
> TOG to publish information on a security problem and then only give fixes
> to people who have given them money.
For once, I agree completely with Theo. It was bad enough that TOG
decided to turn X into proprietary software -- saying that security
patches for back revs are proprietary is nearly unacceptable behavior.
Perry
