lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: andrew at dev.bigfishinternet.co.uk (Andrew Aris) Subject: YAWN (Was Microsoft math) For God's sake people GET OVER IT! For whatever reason MS have patched these Vulns in condensed patches, yes it suits some people (myself included I'll admit) and doesn't suit others. It does suit the majority of home users for example (which hang on happens to be MS's bread-and-butter market). Lets be honest here that for whatever exact reason they did it this way, be it to ease the logistics at their end of developing/releasing the patches: say your in a C file and vuln A is on line 67 and vuln B is on 71 - would you 1. fix vuln A, recompile the file, send it for testing, test all the affected dependents, release the patch to the world or 2. would you fix both, recompile, test, and release the patch? or wether it was to look good: fix multiple vulnerabilities that you were informed about all at once and look efficient (at least to some of your key demographics) or release 20 seperate patches, the final of which is the roll-up patch and look a fool. At which point you know that there would have a been an outcry about how wasteful they were! Microsoft are not in this business to gain the respect of the linux fans who will in all likelyhood hate them anyway. They are here to make money, so who can blame them for trying not to look like fools? IMO the only thing they really deserve slating for is the time it took to release them (which several people have already picked up on) -- big fish internet ltd, 8 beetham road, milnthorpe, cumbria LA7 7QR tel: +44 (0)15395 64580 http://www.bfinternet.co.uk big fish internet limited t/a bf internet registered in england no. 3558791 --
Powered by blists - more mailing lists