I have been asked to clarify "grumbling." Honestly, I meant exactly what I said in an engineer-literal sense. If you are grumbling you are not alone. I can name two other people who have grumbled semi-publicly about IBM's approach.
I am personally of two minds. I buy into the "modern, UNIX" approach of "put all the vulnerabilities out there where the good guys have access to them as well as the bad guys, and let the good guys publicly vet the remediation." On the other hand I hear IBM when they say that their current approach is what customers have said they want. There are customers -- e.g. this thread -- who install PTFs only relatively infrequently -- certainly infrequently relative to the "modern, UNIX" approach of "get it patched NOW!" Their exposure would be increased by widespread dissemination. I do think IBM needs to somehow better accommodate ISVs. My understanding is that "you have to own a real mainframe" to get access to the security portal. Thus ISVs who own only zPDTs or who rent time at Dallas do not qualify. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Charles Mills Sent: Monday, September 10, 2018 12:54 PM To: [email protected] Subject: Re: Spectre/Meltdown APAR - OA54807 It is a security APAR and details are available only through the Security Portal. And yes, if you are grumbling, you are not alone. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Rob Schramm Sent: Monday, September 10, 2018 12:48 PM To: [email protected] Subject: Re: Spectre/Meltdown APAR - OA54807 Is is something IBM can do verbally via meeting that they are unwilling to detail in the issue(s)? Seems to me there have been some things like this in the past that the only information was provided in closed meetings? But then again.. maybe that was a movie.. need to clean the cobwebs out of the brain today! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
