Bill Stoddard <[EMAIL PROTECTED]> wrote:
>
>>
>> Some wrote...
>>> ...
>>
>> I must say I'm mystified by this discussion. It seems to be an
>> odd argument between this good practice vs that good practice.
>>
>> Roy's patch is simple, safe, and reduces the exposure substantially to a
>> known threat. I can't see any reason to defer letting it out;
>> particularly now that people have been given a few days to give voice to
>> any technical concerns about it. The worst outcome is that we are
>> embarrassed - we can handle that.
>>
>> Certainly it's a good thing to be careful. Giving the right folks
>> a chance to look over a patch for stuff like this is a good thing.
>> Careful is good. It's a lot easier to be careful before the exploit
>> becomes widely known.
>>
>> Leaving the users with no option but to stay exposed, write their own
>> patch, or upgrade is pretty stern medicine for us to be prescribing. It
>> is very hard for some sites to upgrade.
>>
>> Let's put the patch back.
>
> +1
Yes please... As Bill knows we have a problem with the WebSphere module
which is only supposed to run on 1.3.6 (with our version of WebSphere,
anyway)... Given that we're sending that baby into retirement in 2 months, we
didn't renew with IBM, sooo... We're bummed! :) :) :)
Pier (we - my employer and I)
--
[Perl] combines all the worst aspects of C and Lisp: a billion of different
sublanguages in one monolithic executable. It combines the power of C with
the readability of PostScript. [Jamie Zawinski - DNA Lounge - San Francisco]