nanog mailing list archives
Re: WMF patch
From: Valdis.Kletnieks () vt edu
Date: Wed, 04 Jan 2006 17:58:16 -0500
On Wed, 04 Jan 2006 13:36:53 PST, Fred Heutte said:
In my reading this is a serious vulnerability, but the self- inflating agitation in the "security community" has reached a highly annoying level. I'm in the FTDT (fix the damn thing) school; let's deal with it and get on with it. Every cycle spent moaning about the faults of Microsoft is a lost opportunity for something more productive.
How many times do you propose we FTDT before we get fed up and ask upper management to authorize a migration to some other software with a better record? And how many more FTDT's do we need to tolerate while we wait for upper management to authorize a migration? Or to put it differently - if you discovered that your router vendor was vulnerable because they had a proprietary BGP extension *designed* to deliver arbitrary code for execution, would you FTDT, or would you be on the phone with your vendor venting your outrage? And what if it wasn't the first, but more like the 10th year in a row that a similar design issue had surfaced? Would you still just FTDT? And while you're trying to figure out how to roll out a patch to 200 routers that are totally under your control, keep in mind that a *small* organization can have 30K PCs, not always totally managed. Still feel like just FTDT?
Attachment:
_bin
Description:
Current thread:
- WMF patch Eric Frazier (Jan 04)
- RE: WMF patch Brance Amussen (Jan 04)
- RE: WMF patch Steve Sobol (Jan 04)
- Message not available
- Re: WMF patch Eric Frazier (Jan 05)
- Re: WMF patch Robert Boyle (Jan 05)
- Re: WMF patch Eric Frazier (Jan 05)
- RE: WMF patch Brance Amussen (Jan 04)
- <Possible follow-ups>
- RE: WMF patch Fergie (Jan 04)
- RE: WMF patch Randy Bush (Jan 04)
- RE: WMF patch Sean Donelan (Jan 04)
- RE: WMF patch Fred Heutte (Jan 04)
- Re: WMF patch Valdis . Kletnieks (Jan 04)
- Re: WMF patch Stephane Bortzmeyer (Jan 05)
- Re: WMF patch Alexander Harrowell (Jan 05)
- MPLS Providers Andrew Staples (Jan 05)
- Re: WMF patch Valdis . Kletnieks (Jan 04)
- Re: WMF patch Martin Hannigan (Jan 04)