In <[EMAIL PROTECTED]>, on 08/19/2006
at 10:37 AM, Paul Gilmartin <[EMAIL PROTECTED]> said:
>If you are aware of further ways that "would be APARable", I'll
>suggest that it's your ethical responsibility, not to disclose them
>or even hint of their existence in a pubic forum, but to initiate the
>APAR. I'd guess Walt F. could suggest secure channels for a PMR that
>contains information that shouldn't even be known to IBM L1. (But
>how do we know that we can trust what Walt appears to say, any more
>than the E-mails I regularly receive telling me I must log in to
>revalidate my account)
If I discover a security breach, what realistic choice do I have about
trusting the IBM personnel responsible for handling the ETR? If I
don't trust them it won't get fixed, and if I figured out the bug then
it's dollars to donuts that eventually someone else will as well. I
want it fixed before I get burned by it.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
