Path: utzoo!utgpu!watmath!clyde!att!alberta!steve
From: steve@alberta.UUCP (Steve Sutphen)
Newsgroups: comp.unix.wizards
Subject: Re: Internet Virus: SunOS patches
Message-ID: <173@snaring.UUCP>
Date: 19 Nov 88 23:23:00 GMT
References: <76493@sun.uucp> <580@micropen> <426@auspex.UUCP> <447@auspex.UUCP> <584@micropen>
Reply-To: steve@snaring.UUCP (Steve Sutphen)
Organization: U. of Alberta, Edmonton, Alberta, Canada
Lines: 18

In article <584@micropen> dave@micropen (David F. Carlson) writes:
#In article <447@auspex.UUCP>, guy@auspex.UUCP (Guy Harris) writes:
#> >> You can argue, probably justifiably, that they [Sun] should either have turned
#> that, which was simply not true.)
#
#Whether this DEBUG mode is a sin of commission or omission is not terribly
#relavant.  My original point was that even as a binary only System V licensee,
#I was aware of this "problem" in BSD 4.2.  My point was that there should be
#some responsibility of vendors to their customers that includes being aware
#of the several classic security issues and attempting to remedy or at very
#least to disclaim the problem to affected site administrators.  Simply typing
#"make vmunix" and arguing whether the flag is default on or default off evades
#the real issue which is:  why are responsible vendors issuing, as their own,
#software with large KNOWN problems in security and not disclaiming this
#to their customers.

But don't the customers of Sun and others keep clamoring that they want 
Berkeley compatibility :-).