Xref: utzoo comp.unix.wizards:12613 news.sysadmin:1583
Path: utzoo!attcan!uunet!husc6!bloom-beacon!tut.cis.ohio-state.edu!mailrus!uflorida!haven!mimsy!aplcen!aplcomm!trn@aplcomm.jhuapl.edu
From: trn@aplcomm.jhuapl.edu (Tony Nardo)
Newsgroups: comp.unix.wizards,news.sysadmin
Subject: Re: The Internet Virus--Another issue
Message-ID: <2490@aplcomm.jhuapl.edu>
Date: 18 Nov 88 12:45:40 GMT
References: <1460@ucsfcca.ucsf.edu. <236@bigbroth.UUCP. <5365@medusa.cs.purdue.edu. <654@optilink.UUCP> <7715@boring.cwi.nl>
Sender: news@aplcomm.jhuapl.edu
Reply-To: trn@aplcomm.jhuapl.edu (Tony Nardo)
Organization: Johns Hopkins University/APL (Baltimore, Md.)
Lines: 23

In article <7715@boring.cwi.nl> jack@cwi.nl (Jack Jansen) writes:
>So far, only Sun has done something similar by posting instructions
>on patching sendmail and a replacement for fingerd to the net (and,
>I assume that they'll also snail-mail it to the poor customers
>without net access). Applause, but where are the others?

And this was a half-measure.  SUN's code to fix another 'finger' bug is,
I am told, "in the system", but has yet to be released to the public.
Also, was it SUN that released the patched ftpd sources?  I'm not sure,
but I don't think so.

I don't wish to pick on SUN alone.  It would sure be nice if vendors could
maintain a system on the network, reachable via anonymous ftp, containing
the patched sources/objects/binaries for bugs found in their operating
systems.  Granted, this wouldn't guarantee 100% coverage for distribution
of patches, but it would be an awfully good start.

==============================================================================
ARPA, BITNET:   trn@aplcomm.jhuapl.edu
UUCP:		{backbone!}mimsy!aplcomm!trn

DISCLAIMER:  These are my opinions, and not necessarily those of JHU/APL.
==============================================================================