From: "Geo." 

"Mike '/m'"  wrote in message
news:g384vuo4j1mkedg63kv9rbtugeki89oduv{at}4ax.com...

> While *I* have not coded a patch, I have used temporary patches that
> others have supplied to tide me over until "the guy who wrote the
> software" supplied the official patch.

If you didn't code the patch then what good did having the source do for
you? You talk about using third party patches, sort of like the ones that
were released for IIS or the configuration options I posted for NTmail
exploits?  Nobody needs the source code to IIS to write an ISAPI filter or
to change a system variable.

Who patched BIND? Who patched Apache? Who patched Sendmail? Next you are
going to tell me that you just grab code off the internet that someone you
don't know the first thing about wrote and compile it into your Kernel?

Maybe the guys on the security lists can pull something like that off but
even they argue about how it should be patched and even the security lists
have patches posted to them with back doors coded into the patch. You can't
patch a trusted system with untrusted code.

Geo.

--- BBBS/NT v4.01 Flag-4