Len Rose wrote: > NOTE: These are personal opinions and as such I do not speak > for any entity other than myself.
> It's been quite a while for those who rely on ssh and sendmail, > so generally everyone eventually is forced to ditch "official" > versions of ssh and sendmail in favour of building these critical > pieces of software from source from the open source development > teams. Furthermore, you can't be sure that a maintainance upgrade introduces code with known, widely-published security issues (so seen with BIND). And no, you aren't told at once. 8-( Let's face it, if you run Solaris, you don't do that for its security. Sun customers as a whole have a wide range of priorities, and security is just one of them. In some environments where Sun servers are traditionally used, I can fully understand that it's more important to fix certain non-security defects or deliver additional features. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
