Xref: utzoo news.admin:3910 news.sysadmin:1227
Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!rutgers!sunybcs!bowen
From: bowen@cs.Buffalo.EDU (Devon E Bowen)
Newsgroups: news.admin,news.sysadmin
Subject: Re: A *Big* Thank You
Message-ID: <2548@cs.Buffalo.EDU>
Date: 9 Nov 88 04:35:08 GMT
References: <361@itivax.UUCP> <367@execu.UUCP> <1294@tmpmbx.UUCP> <2517@cs.Buffalo.EDU> <4578@ptsfa.PacBell.COM>
Reply-To: bowen@sunybcs.UUCP (Devon E Bowen)
Organization: SUNY/Buffalo Computer Science
Lines: 37

In article <4578@ptsfa.PacBell.COM> jmc@ptsfa.PacBell.COM (Jerry Carlin) writes:
>Being mostly a V-oid, I did not know sendmail was holey. Anyone who did 
>and did not contribute to getting it fixed is at least as guilty
>as the perpetrator. 
>
>I'm getting really tired of 'we' (the in crowd) knew there was a problem
>so we did not feel we had to do anything. The rest of us did not know the
>problem existed.

Never let it be said that I don't do my part...

I'm writing this as a public notice that the sendmail daemon is still a
security hole. If you feel strongly about this, please shut off your sendmail
daemon. I prefer to run mine so that I can continue to receive mail via the
Internet.

>The arguement that 'why should we fix anything because there will be some
>holes in the future' is equivalent to 'why should we have medicine because
>there will always be disease'. It does not wash.

That's not the argument I make. My argument is that I'd rather spend my
time making advancements in the field of computer science than patching
security holes. I think you'll agree that what I do with my time and efforts
is my business.

I don't think that one of these scares every couple of years is worth the
bother. Sure, if it had been a virus and had wiped out my disks, it would
have been a pain and I would have had to restore from tape dumps. But being
paranoid takes a lot of time, too. And I don't think it's worth it.

If you want every ounce of security you can get, you should be running VMS.
I'll stick with BSD, though.


Devon Bowen (KA2NRC)		FAX:	   (716) 636-3464
University at Buffalo		BITNET:    bowen@sunybcs.BITNET
				Internet:  bowen@cs.Buffalo.EDU
UUCP: ...!{ames,boulder,decvax,rutgers}!sunybcs!bowen