Open Source and information security mailing list archives
Message-ID: <200404150902.i3F92RA01003@netsys.com>
From: andrew at dev.bigfishinternet.co.uk (Andrew Aris)
Subject: YAWN (Was Microsoft math)

For God's sake people GET OVER IT!

For whatever reason MS have patched these Vulns in condensed patches, yes it
suits some people (myself included I'll admit) and doesn't suit others. It
does suit the majority of home users for example (which hang on happens to
be MS's bread-and-butter market). 

Let's be honest here that for whatever exact reason they did it this way, be
it to ease the logistics at their end of developing/releasing the patches:

say you're in a C file and vuln A is on line 67 and vuln B is on 71 - would
you 1. fix vuln A, recompile the file, send it for testing, test all the
affected dependents, release the patch to the world or 2. would you fix
both, recompile, test, and release the patch?

or whether it was to look good:

fix multiple vulnerabilities that you were informed about all at once and
look efficient (at least to some of your key demographics) or release 20
separate patches, the final of which is the roll-up patch and look a fool.
At which point you know that there would have been an outcry about how
wasteful they were! Microsoft are not in this business to gain the respect
of the Linux fans who will in all likelihood hate them anyway. They are here
to make money, so who can blame them for trying not to look like fools?

IMO the only thing they really deserve slating for is the time it took to
release them (which several people have already picked up on)



--
big fish internet ltd, 8 beetham road, milnthorpe, cumbria LA7 7QR
tel: +44 (0)15395 64580   http://www.bfinternet.co.uk
big fish internet limited t/a bf internet registered in england no. 3558791
-- 