| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Aug 17 20:45:48 2005
From: dufresne at winternet.com (Ron DuFresne)
Subject: It's not that simple... [Was: Re: Disney Down?]
On Wed, 17 Aug 2005, Micheal Espinola Jr wrote:
> >From my perspective, developing a patch and applying a patch are two
> different life cycles. I'm no developer, but I know what it takes to
> properly test and roll-out patches within my (current and previous)
> organization(s).
>
> I don't pretend to believe that all patches are the same, but this PnP
> patch is one of the less difficult to deal with in terms of a
> roll-out. I truly believe this recent worm could have been avoided if
> MS05-039 was taken more seriously.
Isn't this like the second or third time M$ has been bitten by pnp within
the past say two to three years? So, is this an example of the M$
tendency to not fully patch the affected system/service, but to only
address a "current" potential which has been a thing that's bitten them in
the past many many times as well?
>
> I cannot say as to why MS hasn't addressed any other outstanding
> issues. While it's a valid concern of mine as well, it really doesn't
> relate to the discussion regarding the MS05-039 fiasco.
>
Perhaps it does realte considering the above and considering that the unix
world learned many of the evils of RCP services over ten years ago that
seem to hit the M$ realm every few months, repeatedly...
Thanks,
Ron DuFresne
--
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists