Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!mips!daver!tscs!tct!chip
From: chip@tct.uucp (Chip Salzenberg)
Newsgroups: comp.unix.sysv386
Subject: Re: posting bug-tickling source was a Good Thing
Message-ID: <27C19F5B.1794@tct.uucp>
Date: 19 Feb 91 21:57:46 GMT
References: <1991Feb12.200752.2772@vort.uucp> <K46NU5L@dobag.in-berlin.de> <1991Feb17.001157.8151@chinet.chi.il.us>
Organization: Teltronics/TCT, Sarasota, FL
Lines: 24

According to pdg@chinet.chi.il.us (Paul Guthrie):
>Posting the source code and binary was very irresponsible.  Some of
>us were working through ISC's support channels to get this fixed
>(and had been promised results).
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

And you *believed* them?  Foolish earthling!

ISC and Everex have been sitting on this bug for *years*.  That's
right, *years*.  And you call the *whistle-blower* irresponsible?!

Posting the source code was a last, desperate attempt to provoke
action.  Fortunately, it seems to have worked.  Considering the
ramifications of the bug, posting source was entirely appropriate.

Remember:

    "It's not a security hole, it's a SECURITY ABYSS."
               -- Christoph Splittgerber

-- 
Chip Salzenberg at Teltronics/TCT     <chip@tct.uucp>, <uunet!pdn!tct!chip>
 "I want to mention that my opinions whether real or not are MY opinions."
             -- the inevitable William "Billy" Steinmetz