Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!umd5!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: comp.unix.questions
Subject: Re: Trusting operating systems: vendor or university?
Message-ID: <8061@brl-smoke.ARPA>
Date: 9 Jun 88 22:34:41 GMT
References: <1128@mcgill-vision.UUCP> <55239@sun.uucp> <1133@mcgill-vision.UUCP> <8013@brl-smoke.ARPA> <2737@ttrdc.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 13

In article <2737@ttrdc.UUCP> levy@ttrdc.UUCP (Daniel R. Levy) writes:
># Those few that have taken "quick fix" approaches I've generally found to
># cause more damage than they repair.
>Would you care to give some case histories showing how you found this to
>be so?

I'll give just one example.  Back when I was working for a small
software firm whose products were totally dependent on DEC PDP-11
operating systems and compilers, we got monthly software update
notes (bug fixes).  It didn't take us long to discover that the
way to use them was to wait at least two months to install
suggested patches.  The reason was that a disproportionately
large percentage of the patches themselves were patched, usually
in the next monthly update.