Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!csus.edu!beach.csulb.edu!nic.csu.net!csun!kithrup!sef
From: sef@kithrup.COM (Sean Eric Fagan)
Newsgroups: comp.unix.sysv386
Subject: Re: Vendor Bug Reporting Policy (was Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)
Keywords: BAD BUG
Message-ID: <1991Feb19.033405.15303@kithrup.COM>
Date: 19 Feb 91 03:34:05 GMT
References: <3227@sixhub.UUCP> <1991Feb18.175533.12275@kithrup.COM> <1991Feb19.002252.15194@motcad.portal.com>
Organization: Kithrup Enterprises, Ltd.
Lines: 20

In article <1991Feb19.002252.15194@motcad.portal.com> jtc@motcad.portal.com (J.T. Conklin) writes:
>Was the existance of this bug passed up the chain of command to AT&T and 
>then distributed to all other sysv386 vendors, or did SCO, Dell, and AT&T
>keep it to themselves.  If so, I consider SCO, Dell, and AT&T as much at
>fault as ISC, ESIX, Bell Tech, and Microport.

Uhm... AT&T gave out 3.2.1 to all of its source customers (as far as I know;
everyone's comments [including some people from at&t] in this group seem to
indicate that is the case); Dell, at least, used the AT&T 3.2.1 solution
(whatever it is).  AT&T may have gotten wind of it from SCO; I don't know.
As far as I'm concerned, AT&T acted properly, and SCO does not have any
compulsion (legally, at least, and probably ethicly) to give value added
work (which included bug fixes) back to AT&T.  After all, SCO pays AT&T for
code, not vice-versa.

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef@kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.