[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Investigation Report after Server Compromises

On Tue, 02 Dec 2003 23:01:43 -0800, Paul Johnson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, Dec 02, 2003 at 04:11:33PM -0500, Paul Morgan wrote:
>> Ther is always a conflict between security and openness.  MS's approach
>> has always been not to say anything until a fix has been propagated;  they
>> are often criticized for that, but I'm sure they'd be deluged in lawsuits
>> from compromised system owners if they advertised the exploit to bad guys
>> before they had a fix.
> 
> Microsoft could easily sidestep those by pointing to their EULA: You
> agree not to sue them due to faults in their software.
> 

Not just MS.  In the early 70s I used to put a disclaimer at the beginning
of my source code:

"While every effort has been made to test this program to its limits, no
warranty, express or implied, is given as to the adequate functioning
thereof."

:>

-- 
....................paul


"I think that gay marriage is something that should be between a man and
a woman."

-- Arnold Schwarzenegger, Governor of California
Reply to: