From: Adam Flinton 

Geo. wrote:

> "Adam Flinton"  wrote in message
> news:90929c.534a41{at}harborwebs.com...
>
>
>>>Depends on how it's bundled. If it's on it's own CD that Real provides
>
> and
>
>>>MS just has to include it in the box with windows much like you get AOL
>
> CD's
>
>>>when you buy a cheeseburger then no I wouldn't consider MS responsible
>
> for
>
>>>patching it.
>>
>>Why not? They are distributing the software. It may "come with
windows".
>>According to Rich if it's part of the "distribution" then
MS will be
>>responsible for providing the fixes etc.
>
>
> Because it's being distributed not as part of the distribution but as a
> separate product where they are just distributed as a group. A patch on a
> separate product does not require me to replace the windows CD, the windows
> CD wasn't defective, the separate AOL CD was and whoever produced that CD is
> responsible for it if it's defective.
>
>
>>When have they replaced CD'es because they were exploitable & hence
>
> defective?
>
> Never, but they provide patch CD's (service pack CD's) and they are
> responsible for updating the distribution (W2K with sp1, W2K with sp4, etc)
>
>
>>I have a Win XP disk which is only 6 months or so old & no replacement so
>
> far.
>
> If it was up to me I'd make them at the very least make an ISO available for
> download so you could replace the defective CD with one that's not
> defective. Laws haven't caught up yet but I hope they will someday.
>
>
>>& if Real or WinAmp or Mozilla came "in the box" then
MS is distributing
>
> it &
>
>>hence MS is (according to Rich) responsible for fixing those apps.
>
>
> There you go with the phrasing again. Forget "in the box"
and think of it as
> part of the distribution or separate from the distribution. I buy a
> cheeseburger and I get an AOL CD "in the box" but it's not part of the
> cheeseburger.
>
>
>>>I do not consider sampler CD's to be part of the distribution. If the CD
>
> is
>
>>>labeled Mandrake CD2 then I do consider it part of the distribution.
>>
>>They're proper apps. They're just not "free" (as in
speech) & thus can't
>
> be on
>
>>the main CD'es. An example would be say the sun JVM.
>
>
> why can't they be on the main CD's?
>
>
>>Ah right so all Mandrake or RH need to do is to provide the actual base
>
> linux
>
>>stuff on one CD & then put all the 3'rd party apps onto another
CD & job
>
> done
>
>>wrt distributing fixes?
>
>
> Yes, pretty much that's all they have to do is create a distibution less all
> the apps and then include a "sampler" CD with all the apps.
Now if there is
> an exploit for Gaim the distribution doesn't require an update so it's no
> longer an issue.
>

Why call it a "sampler" surely "3'rd party
applications" or "applications not written by Red Hat" will
do.


>
>>SQLServer is MS'es own product. GAIM & Mutt aren't Mandrake's or RH's
>
> product.
>
> Well at least you recognize SQLserver as a separate product.. 
>

It's surprizing you don't recognize GAIM as a separate product.

I'm sure these people will disagree:

"Gaim
Copyright (C) 1998-2004 by the following:

If you have contributed to Gaim, you deserve to be on this list. Contact us
(see: AUTHORS) and we'll add you.

Paul A
Daniel Atallah
Patrick Aussems
Kevin Barry
Brian Bernas
Jonas BirmŽC
Ethan Blanton
Joshua Blanton
Herman Bloggs
Jason Boerner
Graham Booker
Craig Boston
Chris Boyle
Jeremy Brooks
Philip Brown
Sean Burke
Cerulean Studios, LLC
Ka-Hing Cheung
Arturo Cisneros, Jr.
Vincas Ciziunas
Joe Clarke
Todd Cohen
Felipe Contreras
Jeramey Crawford
Mark Doliner
Nuno Donato
Jim Duchek
Tom Dyas
Andrew Echols
Sean Egan  Brian Enigma
Stefan Esser
Larry Ewing
Jesse Farmer
Gavan Fantom (gavan)
Rob Flynn 
Nathan Fredrickson
Chris J. Friesen
Free Software Foundation
Decklin Foster
Adam Fritzler
Max G.
Ignacy Gawedzki
Michael Golden
Ryan C. Gordon
Christian Hammond
Benjamin Herrenschmidt
Andy Harrison
G. Sumner Hayes
Mike Heffner
Iain Holmes
Karsten Huneycutt
Akuke Kok
Gary Kramlich
Tero Kuusela
Scott Lamb
Dennis Lambe Jr.
Ho-seok Lee
Moses Lei
Ambrose C. Li
Nicolas Lichtmaier
Artem Litvinovich
Syd Logan
Uli Luckas
Matthew Luckie
Brian Macke
Paolo Maggi
Willian T. Mahan
John Matthews
Ryan McCabe
Robert McQueen
Robert Mibus
Benjamin Miller
Kevin Miller
Paul Miller
Arkadiusz Miskiewicz
Andrew Molloy
Padraig O'Briain
Matt Pandina
Ricardo Fernandez Pascual
Havoc Pennington
Ari Pollak
Robey Pointer
Nathan Poznick
Brent Priddy
Federicco Mena Quintero
David Raeman
Etan Reisner
Kristian Rietveld
Tim Ringenbach
Andrew Rodland
Neil Sanchala
Carsten Schaar
Luke Schierer
Evan Schoenberg
Torrey Searle
Jim Seymour
John Silvestri
Alex Smith
David Smock
Mark Spencer 
Lex Spoon
Kevin Stange
David Stoddard
Sun Microsystems
M†rten (fursten) Svantesson
Brian Tarricone
Peter Teichman
Philip Tellis
Arun A. Tharuvai
Douglas (douglaswth) Thrift
Stu Tomlinson
Bill Tompkins
Tom Tromey
Junichi Uekawa
Bjoern Voigt
Nathan Walp
Eric Warmenhoven
Dan Willemsen
Jason Willis
Matt Wilson
Ximian
Marco Ziech
Jaroen Zwartepoorte"


>>Are right so simply changing the label will make all the difference?
>
>
> Yes. If Gaim is presented as part of "RedHat Linux" then
responsibility for
> providing patches falls on the RedHat folks. If it's presented as a free
> sample they just happen to give you when you buy RHL then it's presented as
> a separate product and it's understood that you may have to go to a
> different vendor to buy an enhanced version or get patches or whatever, it's
> not part of the product called RedHat Linux, it's an extra they threw in to
> get your business. Like a Brand X toaster when you open a checking account,
> if the toaster breaks you don't go back to the bank you go to the toaster
> manufacturer, but if it's a Bank One Toaster then it's their responsibility
> to provide repairs. Same toaster, different label.
>

Fine but Linux ain't Red Hat. Rich'es point was "oh look at the
security advisories for Red Hat ...ergo "linux has security
problems" ..etc. Whereas if you go & grab a minidistrib which
loads from a cd or floppy it's not got GAIM but is linux. So then either
Gaim ain't a "linux" problem or it's a security problem for both
Windows & Linux.


>
>>Even if the directory the 3'rd party rpm'es are in is labelled
"3'rd party
>>applications"?
>
>
> Nope, because once again if a flaw is found now the CD is defective and
> whoever produced that CD is responsible for defects.
>
Fine, that's a distributor problem. It ain't a "linux" problem per se.

Adam

--- BBBS/NT v4.01 Flag-5