lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu Mar 30 13:40:29 2006
From: coderman at gmail.com (coderman)
Subject: Third party patches, a matter of trust by n3td3v

On 3/29/06, n3td3v <n3td3v@...il.com> wrote:
>
> Third party patches, a matter of trust
>
> Why are third party patches a bad thing?

they are only a bad thing if they are not trusted and not well tested.


> They force Microsoft to rush out a patch before
> Q.A testing has been fully completed in the time scale
> Microsoft would have initially hoped.

M$ is never forced to do anything.

a short / inadequate test cycle for the third party patch is indeed
something to consider though.  (presumably anyone deploying a third
party patch is also doing much more testing than they would for a M$
tested and sanctioned patch)


> Is it responsible for eEye to release a third party patch before Microsoft?

absolutely.

is it responsible for any system administrator to apply the eEye patch?
that depends on trust and testing... :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ