Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!usc!ucsd!helios.ee.lbl.gov!hellgate.utah.edu!cs.utah.edu!zeleznik
From: zeleznik@cs.utah.edu (Mike Zeleznik)
Newsgroups: comp.sys.apollo
Subject: Re: security problems
Message-ID: <1990Jul6.094342.23486@hellgate.utah.edu>
Date: 6 Jul 90 15:43:41 GMT
References: <1990Jul2.145952.13977@caen.engin.umich.edu> <1407@m1.cs.man.ac.uk> <1990Jul5.142403.3942@quintro.uucp>
Organization: University of Utah CS Dept
Lines: 22
X-Local-Date: 6 Jul 90 08:43:41 PDT

>>As far as I can tell - the only real solution is for HP/Apollo to IMMEDIATELY
>>fix any security holes (no - fixed in release 15.23 1/2 WON'T do!!) and simply
>>inform people that the patch exists and should be installed.
>
>Yes DEC does do this. ...
>... Too bad HP/Apollo doesn't subscribe to the same policies that
>other companies have used for years (stab, gouge, flame).

*YES*. And not just for security either. HP has been sending out periodic
(quarterly I think) bug/status lists for some time.

Given that Apollo has had the mothly patch tape mechanism going for years,
it's a shame they couldn't have made it *MUCH* more useful by following
this example (maybe now it will change, but I'd imagine HP has many other
things of higher priority...).

Mike

  Michael Zeleznik              Computer Science Dept.
                                University of Utah
  zeleznik@cs.utah.edu          Salt Lake City, UT  84112
                                (801) 581-5617