> -----Original Message----- > From: Ron DuFresne [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 14, 2004 2:41 PM > To: Tremaine Lea > Cc: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] The new Microsoft math: 1 > patch for 14 vul nerabilities, MS04-011 > > > > [SNIP] > > > > > This merely begs the question, why do they not then release the > > patches as both? A single "patch'em all" one for single users and > > those who can afford to implement patches this way, and a > broken out > > set of the patch that can be more thoroughly tested in larger scale > > environments where the big patch solution doesn't work. > > > > > a major contributing factor is dependencies, and as others > pointed out we are seeing more and more of that in the linux > desktop realm as well, and even in the other major unix > vendor realms too. you can't often fix one little .exe or > .com file iin an env whence the browser acts as the kernel > which acts as then shell which acts as an individual > applicaton that replaces 20 applications once produced by > various vendors now bought out and sucked into the core > OS...but, redhat already is the 'windows' of the linux world > and suse is not far behind if it remains so now. > > > Thanks, > > Ron DuFresne
In cases such as you describe, obviously a single patch is preferred. I was referring more to instances where there are numerous fixes included in a single patch that could as easily be made available as individual patches. While I'm a self confessed linux fan, we also have our share of exploits and users who don't maintain a reasonable level of security on their systems. I know a large number of linux users who don't subscribe to the mailing lists for their distro and so are often unaware of a problem until I bring it up in casual conversation ;) Users are users, and while I like to think that linux users tend to be more Clued (tm) than Windows users... There are plenty of glaring exceptions. Cheers, Tremaine _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
