Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows: The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
RE[2]: Too slow...
by jsight on Thu 5th Jan 2006 03:27 UTC in reply to "RE: Too slow..."
jsight
Member since:
2005-07-06

No, that's not always what happens. This issue has been known to MS (and the world) for at least a couple of weeks now, and they still haven't issued a patch.

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

Reply Parent Score: 3

RE[3]: Too slow...
by gonzo on Thu 5th Jan 2006 04:28 in reply to "RE[2]: Too slow..."
gonzo Member since:
2005-11-10

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

How did you figure that one out?

Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?

Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?


Here's what Ilfak Guilfanov says about it, but I guess you know better, right?

There is also a sense of division among those who want Microsoft to deliver the update now, as opposed to waiting until its monthly patch release on Jan. 10. What do you think Microsoft should do?

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.


Rest of the interview http://news.com.com/Beating+Microsoft+to+the+punch/2008-7355_3-6018...

Reply Parent Score: -1

RE[4]: Too slow...
by Celerate on Thu 5th Jan 2006 05:44 in reply to "RE[3]: Too slow..."
Celerate Member since:
2005-06-29

"Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?"

So far you're the only one in this thread to have said that either directly or indirectly.

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"
That's a common myth actually.

Linux is not all developed by one entity; the software packaged by RH and the like is developed outside of the company. Red Hat simply packages and distributes that software with a price tag on it so they get a return for the work they did: taking different packages that would otherwise be separate, and bundling them together into a Linux distribution. Red Hat doesn't produce its own patches for the software if there already is one, and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility. If someone, whether their customer or not, writes a patch first of their own volition it's hardly fair to claim that Red Hat is making its customers roll out their own updates. I have heard of Linux distributors putting together their own patches before, but usually the people responsible for the vulnerable software get to it first or a patch is contributed. And even if Red Hat doesn't get to writing the patch first, they're still the ones that review the code before including it, package it, and take care of putting it up on a package repo so others can get it.

Reply Parent Score: 4