In
<cae1xxdf4ymwddo66fc7iuiomtfx+eclv-ngxp52yddjpevo...@mail.gmail.com>,
on 05/21/2013
   at 09:54 AM, John Gilmore <[email protected]> said:

>Security via obscurity---Let's not talk about this; it may go away;
>and we certainly don't want anyone else to know about it---is a
>delusionary notion in all but the very short term.

I once reported a security hole that had been around for decades. It
seemed obvious to me, but I'm not aware of any exploits in the wild.

>(There is a case to be made for not talking about some newly 
>discovered security exposure over an interval of a very few days
>to 1) give oneself time to protect against it and 2) in order not 
>actively to encourage copycats.)

Adequate QA on the fix will take more than a few days. Once IBM makes
a fix available, it will take more than a few days for most shops to
install it.

-- 
     Shmuel (Seymour J.) Metz, SysProg and JOAT
     Atid/2        <http://patriot.net/~shmuel>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
