Re: DSA 438 - bad server time, bad kernel version or information delayed?

On Saturday 21 February 2004 01.10, Matt Zimmerman wrote:
> On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote:
> > I think this is the time where I'd like to see some hard data. Which
> > DSA's would possibly have been released differently if such a
> > reorganisation would have been in place?
> Absolutely none.  The proposed "reorganization" was basically to create a
> new security team out of thin air, not tell them about anything, and expect
> bugfixes sooner.  It was nonsense.
> > [misinformation about CERT deleted]

Sorry for that - replace CERT by $GROUP_OF_VENDORS in all places. I was under 
the impression CERT did the coordinating. I should do the research, I know...

> Those last two cases are equivalent.  Think about it.
> The former is "entity publishes information".  The latter is "entity
> discloses information to a 'select' group of people which then turns around
> and publishes it".

Yes, that's the only difference.

> Why would anyone do that instead of publishing the 
> information themselves?  If they wanted it to be widely known, they would
> make it so.

People do things for the strangest of reasons...

I just thought that this would be the only scenario where I could think that a 
split security team could possibly act differently than the current security 

And it's only *could* act differently - so we have a very unlikely scenario, 
so this shows that the proposal to split the security team (or create a 2nd 
team, whatever) is really stupid.

-- vbi

Available for key signing in Zürich and Basel, Switzerland
                     (what's this? Look at http://fortytwo.ch/gpg/intro)
