Xref: utzoo news.admin:3973 news.sysadmin:1391
Path: utzoo!attcan!uunet!husc6!cmcl2!nrl-cmf!ukma!psuvm.bitnet!cunyvm!ndsuvm1!ndsuvax!numccann
From: numccann@ndsuvax.UUCP (Lester I. McCann)
Newsgroups: news.admin,news.sysadmin
Subject: Re: A *Big* Thank You
Message-ID: <1747@ndsuvax.UUCP>
Date: 8 Nov 88 16:04:09 GMT
References: <361@itivax.UUCP> <367@execu.UUCP> <1294@tmpmbx.UUCP> <270@eda.com>
Reply-To: numccann@ndsuvax.UUCP (Lester I. McCann)
Organization: North Dakota State University, Fargo
Lines: 29

In article <270@eda.com> jim@eda.com (Jim Budler) writes:
>
>For now I feel these two security lists are to be *actively* encouraged
>perhaps now they can actually be funded. It sounds like they are going
>to be set up as a cooperating duo, one open, but carrying details only
>on how to close holes, with an attempt to not convey information to
>aid breaking. The other is the problem. With my corporate charter, I
>need the more detailed, but the qualification *has* to be tighter.
>
>uucp: {decwrl,uunet}!eda!jim Jim Budler
>internet: jim@eda.com EDA Systems, Inc.

I think it would be a mistake to selectively censor security information.
It gives me the feeling that a certain privileged few will get to say that
the rest of us can't handle the knowledge.

In this situation one can make a case that such caution is warranted, but I
fear that this setup may encourage even more stalling on security
modifications. I can envision some system administrators becoming
overconfident because they believe no one but other sysadmins knows where the
bugs are. And if no one else knows, why spend the time and money to fix the
problems?

I'm not saying that any of this will actually happen. But, I do think that
if everyone knows about the problems and if they are discussed openly, we'll
all be more knowledgeable about the risks, we'll be better able to deal with
possible future troubles, and we'll be better able to prevent a repeat
performance.
Lester McCann numccann@plains.nodak.edu numccann@ndsuvax.bitnet