Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!cit-vax!oberon!poisson.usc.edu!mlinar From: mlinar@poisson.usc.edu.UUCP Newsgroups: comp.os.vms Subject: Re: posting security patch Message-ID: <2589@poisson.usc.edu> Date: Mon, 8-Jun-87 14:30:02 EDT Article-I.D.: poisson.2589 Posted: Mon Jun 8 14:30:02 1987 Date-Received: Sun, 14-Jun-87 01:37:23 EDT References: <8706080744.AA11345@ucbvax.Berkeley.EDU> Reply-To: mlinar@poisson.usc.edu.UUCP (Mitch Mlinar) Distribution: world Organization: University of Southern California, Los Angeles Lines: 33 In article <8706080744.AA11345@ucbvax.Berkeley.EDU> JMS@ARIZMIS.BITNET writes: >AWALKER asks "why not post the patch?" > >The reason is that software maintenance is something you pay >for. There are lots of folks out there that don't pay for >software maintenance, and thus are not "entitled" to >any patch by Digital. The patch is copyright Digital Equipment >Corporation, and anyone that distributes it is (a) violating >copyright laws and more likely (b) putting their own software >maintenance contract at risk. If Digital catches you putting > ..... >to get it from some other customer. I believe that the local >office also has enough latitude to give you such a patch >even if you're not on maintenance (although this may be a >local *informal* decision). > So what you are saying in effect is that if you did not buy a maintainance agreement for your car and the manufacturer discovered that every key works in every car, they will not tell you how to fix it? Maybe this is a poor analogy, but *bug* fixes are one thing and SECURITY problems are another. In particular, if you bought the product to have a secure o.s. and it is NOT, the manufacturer made a false claim and IS liable. Before this drops to namecalling, it seems that DEC is very sensitive about this bug/patch and, as far as I can tell, is providing the information regardless of maintainance agreement - it is just more difficult if you do not have one. Unlike other bugs, this one has some legal footing for non- maintainance agreement customers, so this is a wise move. -Mitch