Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

[nickless () mcs anl gov (Bill Nickless)]

At 01:02 PM 12/3/94 -0500, Bob Manson wrote:

> I have a basic problem with partial disclosure: who decides who is
> "eleeet" enough to receive the full disclosure? If you're not in the
> "in crowd", you lose. And that's fine with me, ultimately--if 8lgm
> decides they don't want to do full disclosure, that's up to them. But
> that doesn't mean the rest of us can't and won't disclose everything
> that we know in a free environment.

This rings true to me.  Take the bug that bit IBM a couple of months ago
regarding the interaction between logind and login.  Many people at our site
beat on IBM because of such a wide hole that had been fixed in other systems
long before.  But they had no answer when I asked "so if you worked at IBM,
who could you ask to get a list of known security holes in BSD or whatever
so that you could make sure your operating system has fixed them?"
--
Bill Nickless          nickless () mcs anl gov          +1 708 252 7390
              http://www.mcs.anl.gov/people/nickless