Mike, > The main reason is that by publishing this vulnerability With made my system > a target for possible hackers. Now I MUST buy protection (sounds like 1930s > Chicago).
Just for the record. 1 With Enterprise did not find this vulnerability, we were just notified of its existence. 2 With Enterprise were not the ones who make it public - this was done by an independent third party. 3 With Enterprise did not post how to exploit this vulnerability, a third party did this. What With Enterprise did do was to respond as rapidly as possible with a fix for our customers to ensure that there was a fix available before the vulnerability went public. > But then I do not understand their position in protecting a > product they do not want to have anything to do with. Remember this thread > started when somebody asked about availability to a Tango Mac version of old > software. This is a public list and we cannot tolerate the promotion of illegal activities via the list be it our product or a product owned by another company. Plain and simple. > Besides, after all, it seems they are the only ones in the position to > correct the code, since they have it. And incidentally I do not believe it > is very difficult to do so; probably just a matter of hours. At this point I > am sure that not providing a fix is basically a marketing decision. This has nothing to do with marketing. It is purely technical reasons. As everyone knows, the T2K code was retired over 3 years ago - and the last build was built well before that. The T2K code which we purchased relied on interfaces, libraries and compilers which were outdated and therefore not licensable when we acquired the product. Some of the libraries dated back to 1997. These issues forced us to create a new server which used the latest interfaces, libraries and compilers. As stated in my previous email there are technical reasons why it is impossible to do the T2K build you ask for. > How do companies survive by providing service-packs? By also establishing a > good relationship with their customers. I believe that the Witango 5 server users can judge our performance on how well we respond to fixes in the Witango 5 Server when they are reported to us. > As far as I understand this business, bug fixes and especially > VULNERABILITIES should be offered free, and new features (upgrades) should > be offered at a cost. There has been no cost for any fix for any user of the Witango 5 Server. What With Enterprise can do to help the T2K (and Tango 3) users is let them know that the vulnerability exists and was made public, assist them in bringing their applications up to date as soon and as seamlessly as possible. Both of which we are endeavouring to do. Please do not hesitate to contact us if you require our assistance. Any Tango 3 users should also contact us if they require assistance in upgrading. Phil ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
