From: "John Beamish" 

(I'm not running Linux.)

I find that statement "economical with the truth".  Assume that
you know which module to go to.  Check it out, make the change, check it
in, recompile it, do regression testing (assume the change works and
doesn't break anything), update module documentation, update changelog,
update bugtracking.   In any serious environment, that's a day's work --
not an
hour.

What happens next?  Are Linux users expected to d/l the recompiled module
or is there a process to compare the previous version with the new version
and generate some kind of hex patch which gets downloaded and applied?  Or
what?

Thanks.

"Adam Flinton"  wrote in message

> Security information moves very fast in cracker circles. On the other
> hand, our experience is that coding and releasing of proper security
> fixes typically requires about an hour of work -- very fast fix
> turnaround is possible. Thus we think that full disclosure helps the
> people who really care about security."
>
>
> etc.
>
> Adam

--- BBBS/NT v4.01 Flag-5