From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_004A_01C46A4D.140F4E70
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   It may not be economical if testing is simply not something that =
these folks care about.  The actual change is a tiny part of releasing = an update.

Rich

  "John Beamish"  wrote in message =
news:40f69bc7{at}w3.nls.net...
  (I'm not running Linux.)

  I find that statement "economical with the truth".  Assume that you =
know
  which module to go to.  Check it out, make the change, check it in,
  recompile it, do regression testing (assume the change works and =
doesn't
  break anything), update module documentation, update changelog, update
  bugtracking.   In any serious environment, that's a day's work -- not =
an
  hour.

  What happens next?  Are Linux users expected to d/l the recompiled =
module or
  is there a process to compare the previous version with the new =
version and
  generate some kind of hex patch which gets downloaded and applied?  Or =
what?

  Thanks.

  "Adam Flinton"  wrote in message

  > Security information moves very fast in cracker circles. On the =
other
  > hand, our experience is that coding and releasing of proper security
  > fixes typically requires about an hour of work -- very fast fix
  > turnaround is possible. Thus we think that full disclosure helps the
  > people who really care about security."
  >
  >
  > etc.
  >
  > Adam


------=_NextPart_000_004A_01C46A4D.140F4E70
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   It may
not be economical =
if testing is=20
simply not something that these folks care about.  The actual =
change is a=20
tiny part of releasing an update.
 
Rich
 

  "John Beamish" <JLBeamish AT hotmail DOT
com> wrote in =
message news:40f69bc7{at}w3.nls.net...(I=
'm not=20
  running Linux.)I find that statement "economical
with the=20
  truth".  Assume that you knowwhich module to go
to.  =
Check it=20
  out, make the change, check it in,recompile it, do regression =
testing=20
  (assume the change works and doesn'tbreak anything), update module =

  documentation, update changelog,
updatebugtracking.   In =
any=20
  serious environment, that's a day's work -- not =
anhour.What=20
  happens next?  Are Linux users expected to d/l the recompiled =
module=20
  oris there a process to compare the previous version with the new =
version=20
  andgenerate some kind of hex patch which gets downloaded and=20
  applied?  Or
what?Thanks."Adam
Flinton" <adam_NO_{at}_SPAM_softfab.com=">mailto:adam_NO_{at}_SPAM_softfab.com">adam_NO_{at}_SPAM_softfab.com=
>=20
  wrote in message> Security information moves
very fast in =
cracker=20
  circles. On the other> hand, our experience is that coding and=20
  releasing of proper security> fixes typically requires about an =
hour of=20
  work -- very fast fix> turnaround is possible. Thus we think =
that full=20
  disclosure helps the> people who really care about=20
  security.">>>
etc.>>=20
Adam

------=_NextPart_000_004A_01C46A4D.140F4E70--

--- BBBS/NT v4.01 Flag-5