Re: Debian Investigation Report after Server Compromises
On Wed, Dec 03, 2003 at 01:58:11PM -0800, Vineet Kumar wrote:
> Sidestepping lawsuits from a million angry customers isn't really a
> "win".
You're right. Which is why I really wish Bugtraq didn't wait around
before publishing their findings. Customers have a right to know what
they got screwed into buying.
> If their customers can hear about a problem only when it's been fixed,
> it makes Microsoft look like the good guys: "Hey, by the way, we fixed
> this problem you didn't even know about." If there's an exploit in the
> wild before a fix is available, the PHBs hear it on the local news
> first, which is not good. It's not about lawsuits, it's just simple
> business sense -- you have to keep your customers happy.
Why not get it mostly right the first time? This is the first
compromise of debian.org I've heard about, which says something.
--
.''`. Paul Johnson <baloo@ursine.ca>
: :' :
`. `'` proud Debian admin and user
`- Debian - when you have better things to do than fix a system