From: Adam Flinton 

John Beamish wrote:

> (I'm not running Linux.)
>

&? This is BSD.

> I find that statement "economical with the truth".  Assume
that you know
> which module to go to.  Check it out, make the change, check it in,
> recompile it, do regression testing (assume the change works and doesn't
> break anything), update module documentation, update changelog, update
> bugtracking.   In any serious environment, that's a day's work -- not an
> hour.
>

Depends on the people, the nature of the bug etc. i.e. if it's a private
member/field/method then externally nothing has changed. It is possible
where the problem (& it's scope) is readily ID'ed & there are
people who know that area of code intimately.


> What happens next?  Are Linux users expected to d/l the recompiled module or
> is there a process to compare the previous version with the new version and
> generate some kind of hex patch which gets downloaded and applied?  Or what?
>

BSD has it's own updating mechanism. Again though depends to a degree where
the problem is.

Adam



> Thanks.
>
> "Adam Flinton"  wrote in message
>
>
>>Security information moves very fast in cracker circles. On the other
>>hand, our experience is that coding and releasing of proper security
>>fixes typically requires about an hour of work -- very fast fix
>>turnaround is possible. Thus we think that full disclosure helps the
>>people who really care about security."
>>
>>
>>etc.
>>
>>Adam
>
>
>

--- BBBS/NT v4.01 Flag-5