Re: Debian Investigation Report after Server Compromises
On Tue, 02 Dec 2003 23:01:43 -0800, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Dec 02, 2003 at 04:11:33PM -0500, Paul Morgan wrote:
>> Ther is always a conflict between security and openness. MS's approach
>> has always been not to say anything until a fix has been propagated; they
>> are often criticized for that, but I'm sure they'd be deluged in lawsuits
>> from compromised system owners if they advertised the exploit to bad guys
>> before they had a fix.
>
> Microsoft could easily sidestep those by pointing to their EULA: You
> agree not to sue them due to faults in their software.
>
Not just MS. In the early 70s I used to put a disclaimer at the beginning
of my source code:
"While every effort has been made to test this program to its limits, no
warranty, express or implied, is given as to the adequate functioning
thereof."
:>
--
....................paul
"I think that gay marriage is something that should be between a man and
a woman."
-- Arnold Schwarzenegger, Governor of California
Reply to: