Xref: utzoo comp.protocols.tcp-ip:5263 comp.unix.wizards:12250
Path: utzoo!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!ucsdhub!ucsd!net1!hutch
From: hutch@net1.ucsd.edu (Jim Hutchison)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <1245@ucsd.EDU>
Date: 10 Nov 88 00:00:37 GMT
References: <11226@cgl.ucsf.EDU>
Sender: nobody@ucsd.EDU
Reply-To: hutch@net1.UUCP (Jim Hutchison)
Distribution: na
Lines: 29

In <11226@cgl.ucsf.EDU> seibel@hegel.mmwb.ucsf.edu.UUCP (George Seibel) writes:
> [...] If that's
>the way people want it, then let's be up front and print a warning on
>each copy of system software that ships:  "Congratulations!  You just
>bought a fine copy of Unix.  Don't keep any files you care about on it."

You would prefer VMS where you can read the documentation to find out how
to break security?  Or how about a system with no features?

If you boadcast a bug, and its fix/patch, you take responsibility for that
patch.  You also risk letting loose all sorts of mayhem on systems where
the system manager is lazy or on vacation.  Binary sites are particularly
limited in the number of fixes they can apply.  So out go the fixes quietly,
and perhaps only locally.  Here we are.

Do you have a good answer, or are you just going to indulge yourself in
a good screaming fit?

>If we have security holes on our machines that are well known, and we
>do nothing to patch those holes, we are asking for trouble.

True.  But not real.  Many people spend a great part of their waking
hours monitoring and fixing the system, locally and for others.  Don't
be viscious and ignore their hard work.

>George Seibel
/*    Jim Hutchison   		UUCP:	{dcdwest,ucbvax}!cs!net1!hutch
		    		ARPA:	JHutchison@ucsd.edu
     These are my opinions, and now you have your perceptions of them. */