lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <OFD6CCB25E.E62C841D-ON852570EE.004AAC33-052570EE.004B7CCC@mailrouter.net>
Date: Fri, 6 Jan 2006 08:44:33 -0500
From: Matt.Carpenter@...icor.com
To: ge@...uxbox.org
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: Re: what we REALLY learned from WMF


Gadi Evron <ge@...uxbox.org> wrote on 01/05/2006 04:53:45 PM:

<snip>
> 2. Microsoft decided to jump through a few QA tests this time, and 
> release a patch.
> 
> Why should they be releasing BETA patches?
> If they do, maybe they should release BETA patches more often, let those 

> who want to - use them. It can probably also shorten the testing period 
> considerably.
> If this patch is not BETA, but things did just /happen/ to progress more 

> swiftly.. than maybe we should re-visit option #1 above.
> 
> ...
> 
> Maybe it?s just that we are used to sluggishness. Perhaps it is time we, 

> as users and clients, started DEMANDING of Microsoft to push things up a 

> notch.
> 
> ...
> 
> Put in the necessary resources, and release patches within days of first 

> discovery. I?m willing to live with weeks and months in comparison to 
> the year+ that we have seen sometimes. Naturally some problems take 
> longer to fix, but you get my drift.
<snip>

Way to go, Gadi.  Nicely put. 

The opensource guys almost always have different repositories for preview 
and testing.  Ubuntu currently has Dapper available for download and the 
repositories are available, even though it's not due for release until 
April.  Debian has multiple levels of testing platforms, depending on how 
insane you happen to be.  On the consumer end, many customers will also 
maintain two repositories.  One for production, the other to test what 
they're about to push out. 

While Microsoft doesn't open their code to the world early, they could 
selectively involve key customers which are willing to have a couple of 
their PC's run with a different update site.  A 
"test.windowsupdate.microsoft.com" if you will (or the SUS equivalent).

Why should the OSS people have all the fun!?  ;)
Or rather, why should the pay-for customers get the shaft when the free 
stuff is doing it "More Right".

Matt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ