Re: End of all Open Source.

From: Bradley Bungmunch (Bradley@Bungmunch.com)
Date: 03/06/03


From: Bradley Bungmunch <Bradley@Bungmunch.com>
Date: Thu, 06 Mar 2003 22:54:07 +0000

On Wed, 05 Mar 2003 23:47:12 GMT, Barry Margolin
<barry.margolin@level3.com> wrote:

>In article <e3nc6vctfkutoajk6so9ig4g802vj3u01d@4ax.com>,
>Bradley Bungmunch <Bradley@Bungmunch.com> wrote:
>>If this bug had been announced straight away, it would also have been
>>fixed almost immediately. Instead they kept it quiet and it took three
>>months for a fix to be issued.
>
>Yet, as far as we know, it was never exploited during that time.
>
And on what bit of research do you base this? Illuminate me please.

>So the system seemed to work.
>
You go jump off a high building. I bet you, right until before you go
splat, everything will still seem OK.

>>In the meantime, the systems remained vulnerable and the people who
>>never bother to patch their systems will still have unpatched systems
>>in the weeks to come.
>
>People like that are irrelevant -- if they don't bother to patch their
>systems, it doesn't matter when the vulnerability and fixes are announced.
>
So what was the point in the delay?

>If the vulnerability had been announced immediately, what could end users
>have done with the knowledge? Should they shut down their mail servers
>until the patches are made available? Or frantically convert to some other
>mailer like postfix?
>
Why did the fix take so long to produce? What was so different? Like
I said - in a previous paragraph - people who don't patch their
systems aren't going to bother patching just because there has been a
three month delay.

>Telling people about a vulnerability without providing practical solutions
>is like the terror alerts that our government keeps announcing. I'm just
>not sure what the analogy is to sealing your house with plastic and duct
>tape. :)
>
But the failure to provide a timeous solution seems to have been
*caused* by the very fact that the bug was kept secret. Has nothing
been learned about the problems of this fallacious method of dealing
with bugs?

"I would rather have a German division in front of me than a French one behind me."

--- General George S. Patton