Path: utzoo!attcan!uunet!mcsun!hp4nl!tuegate.tue.nl!eba!wjw
From: wjw@eb.ele.tue.nl (Willem Jan Withagen)
Newsgroups: comp.sys.apollo
Subject: Re: security problems
Message-ID: <543@eba.eb.ele.tue.nl>
Date: 2 Jul 90 10:08:37 GMT
References: <9006291314.AA00280@cc2.cc.umr.edu>
Sender: wjw@eba.eb.ele.tue.nl (Willem Jan Withagen)
Reply-To: wjw@eb.ele.tue.nl
Followup-To: comp.sys.apollo
Organization: Eindhoven University of Technology, The Netherlands
Lines: 29

In article <9006291314.AA00280@cc2.cc.umr.edu> obrennan@CC3.CC.UMR.EDU (obrennan) writes:
>
>	BTW, I believe security holes should be broadcast over the net.
>	This way, they *will* get fixed, and security based upon hidden
>	information is not secure. 
>	
>I'm not denying that a security hole should be broadcast but broadcasting the
>Apollo hotline problem number instead of the actual problem on this list would 
>be more secure; then only approved hotline users can query the details.

The problem with this is that I and many more of the "approved" users,
are have trouble getting to the hotline. And it somnetimes takes a while for
the correct info to propagate to place outside the US of A. 
Since a lot of us are'nt in the States it would be rather expensive, 
and they would not recognise use as a user with a service contract.
Which brings me to the second point, how about all those users without
a service-contract. There the ones that'll never find out what's going on.

No, I'm in favour to expose as much of the bugs and features as is possible.

Yours, 

	Willem Jan Withagen               

Eindhoven University of Technology   DomainName:  wjw@eb.ele.tue.nl    
Digital Systems Group, Room EH 10.10 BITNET: ELEBWJ@HEITUE5.BITNET
P.O. 513                             Tel: +31-40-473401
5600 MB Eindhoven                 
The Netherlands