> shouldnt this be something SUN addresses in a patch sometime?.. perhaps > soon?!
Sure - in an ideal world. Like any OS vendor Sun was notified about the security hole upfront - back in the second half of January. Other Unix / Linux distributors have released their patches either yesterday or today - because they followed up on the early warnings behind the scene and had ample time to line up their ducks, to prepared their patches and to run them through Q&A extensively. Sun hasn't? Now that sounds familliar. I'm still taking bets on when we see an official patch. If it's here before the end of the month, then I'd be surprised. Sun's usual turn around time for patches (in case of critical holes) is 4-6 weeks - *after* the hole has been announced to the public. In case of uncritical holes they'll tend to sit 'em out without offering patches. Go figure. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
