Path: utzoo!attcan!uunet!tiamat!quintro!bep
From: bep@quintro.uucp (Bryan Province)
Newsgroups: comp.sys.apollo
Subject: Re: security problems
Message-ID: <1990Jul5.142403.3942@quintro.uucp>
Date: 5 Jul 90 14:24:03 GMT
References: <1990Jul2.145952.13977@caen.engin.umich.edu> <1407@m1.cs.man.ac.uk>
Reply-To: bep@quintro.UUCP (Bryan Province)
Organization: none
Lines: 20

In article <1407@m1.cs.man.ac.uk> dente@els.ee.man.ac.uk writes:
>As far as I can tell - the only real solution is for HP/Apollo to IMMEDIATELY
>fix any security holes (no - fixed in release 15.23 1/2 WON'T do!!) and simply
>inform people that the patch exists and should be installed.  They should not
>release any details of the nature of the problem as this simply makes things
>easier for hackers.  I believe that DEC already operate in a similar fashion to
>this - though I could well be wrong.

Yes DEC does do this.  I used to administer a couple of DEC systems a few
years ago and every once in a while I'd get a tape that said it was a
"MANDATORY PATCH" and that it fixed a security bug and that if it wasn't
installed that DEC wouldn't be responsible for any security problems that may
result.  They didn't describe the problem they just fixed it for you.  Ah the
good old days.  Too bad HP/Apollo doesn't subscribe to the same policies that
other companies have used for years (stab, gouge, flame).
-- 
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
Bryan Province     Glenayre Corp.           quintro!bep@lll-winken.llnl.gov
                   Quincy,  IL              tiamat!quintro!bep@uunet
           "Surf Kansas, There's no place like home, Dude."