From: Adam Flinton 

Geo. wrote:

> "Adam Flinton"  wrote in message
> news:2091e6.4d3a8f{at}harborwebs.com...
>
>
>>>Yes it does.
>>
>>So then Turbo Linux would be responsible for any DB2 holes?
>
>
> Not responsible for the holes, responsible for the patches.
>
>
>>So if Sony or Dell chuck out machines preloaded with Windows + WinDVD &
>
> adobe
>
>>PDF viewer etc.etc. then are any security vulns a Dell/Sony problem or an
>
> app
>
>>problem or a MS problem?
>
>
> You keep throwing hardware into this, this is a software issue.

I'm not. It's a matter of bundling. A linux distrib is linux + a load of
other things "bundled" e.g OpenOffice or GAIM or Mozilla, all of
which also work on windows. Rich was trying to divert from
"linux" onto a specific distrib & then to add all the bundled
apps with holes as "linux holes". i.e. if Moz had a hole Rich
would count that as a Linux hole but oddly not as a windows one. How
unsurprizing. GAIM is a very good example as it is available for both
Windows & Linux but heck guess what....it's a "linux hole".

> How about
> this, Some programming language library has a bug, who's responsible for
> patches, the people who wrote the language or the people who wrote the
> applications that are being exploited?
>
> Geo. (the correct answer is both, but the end user is only concerned with
> the app vendor)
>

Yes & no. Imagine I have an app built on Oracle on Windows. Who is
responsible? Me? Oracle? MS? The answer is it depends where the problem is.
You can't expect me to be responsible for Windows any more than it would be
OK to ring up Oracle & say "I knocked a pot of water onto the
server & now it won't work so it must be your fault".

Adam

--- BBBS/NT v4.01 Flag-5