Path: utzoo!mnetor!tmsoft!torsqnt!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!chinacat!uudell!Kepler!mjhammel
From: mjhammel@Kepler.dell.com (Michael J. Hammel)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Message-ID: <15304@uudell.dell.com>
Date: 19 Feb 91 21:38:41 GMT
References: <15297@uudell.dell.com> <446@bria> <KR3NBQQ@dobag.in-berlin.de> <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM>
Sender: news@uudell.dell.com
Reply-To: mjhammel@Kepler.dell.com (Michael J. Hammel)
Organization: Dell Computer Corp.
Lines: 21

In article <15297@uudell.dell.com>, mjhammel@Kepler.dell.com (Michael J.
Hammel) writes:
> The point is that if the reseller of the product does not have the
> resources to retest what was delivered by the original developer then
> the reseller isn't going to do so.  Why can't the reseller expect that
> the original developer had fully tested the original product?  The
> reseller should only have to be responsible for what the reseller
> modifies (and anything that might get broke because of those
> modifications).  However, if the reseller wishes to save face, it will
> make every attempt to fix things that it didn't break anyway.  :-)

[ rest of previous post deleted ]

Just thought I'd better add that my last posting was not in defense of
ISC (or anyone else for that matter) shipping broken code.  It was just
generalization on the problems of large scale software development projects.  

Michael J. Hammel        | mjhammel@{Kepler|socrates}.dell.com
Dell Computer Corp.      | {73377.3467|76424.3024}@compuserve.com
#include <disclaim/std>  | zzham@ttuvm1.bitnet | uunet!uudell!feynman!mjhammel
#define CUTESAYING "Lead, follow, or get the hell out of the way."