Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Thread beginning with comment 81950
RE[3]: Too slow...
by gonzo on Thu 5th Jan 2006 04:28 UTC in reply to "RE[2]: Too slow..."
gonzo Member since:
2005-11-10

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

How did you figure that one out?

Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?

Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?


Here's what Ilfak Guilfanov says about it, but I guess you know better, right?

There is also a sense of division among those who want Microsoft to deliver the update now, as opposed to waiting until its monthly patch release on Jan. 10. What do you think Microsoft should do?

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.


Rest of the interview http://news.com.com/Beating+Microsoft+to+the+punch/2008-7355_3-6018...

Reply Parent Score: -1

RE[4]: Too slow...
by Celerate on Thu 5th Jan 2006 05:44 in reply to "RE[3]: Too slow..."
Celerate Member since:
2005-06-29

"Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?"

So far you're the only one in this thread to have said that either directly or indirectly.

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"
That's a common myth actually.

Linux is not all developed by one entity; the software packaged by RH and the like is developed outside of the company. Red Hat simply packages and distributes that software with a price tag on it so they get a return for the work they did: taking different packages that would otherwise be separate, and bundling them together into a Linux distribution. Red Hat doesn't produce its own patches for the software if there already is one, and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility. If someone, whether their customer or not, writes a patch first of their own volition it's hardly fair to claim that Red Hat is making its customers roll out their own updates. I have heard of Linux distributors putting together their own patches before, but usually the people responsible for the vulnerable software get to it first or a patch is contributed. And even if Red Hat doesn't get to writing the patch first, they're still the ones that review the code before including it, package it, and take care of putting it up on a package repo so others can get it.

Reply Parent Score: 4

RE[5]: Too slow...
by gonzo on Thu 5th Jan 2006 12:59 in reply to "RE[4]: Too slow..."
gonzo Member since:
2005-11-10

So far you're the only one in this thread to have said that either directly or indirectly.

Yeah, but someone else said that "RH or Novell" would provide a patch much faster without any explanation.

and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility

We all know how well it works when Pat Slackware got sick. Define "developers who contribute to open source software"? Big companies don't like to deal with something not really defined.


And please, why did you skip this part:

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

You guys know better than him, too...

Reply Parent Score: 1

RE[5]: Too slow...
by gonzo on Thu 5th Jan 2006 13:07 in reply to "RE[4]: Too slow..."
gonzo Member since:
2005-11-10

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"

That's a common myth actually.

Well let's see: so you say that users are not doing QA's job (my point of view), RH is not doing it, Novell is not doing it..

Well, who is doing it then? Nobody?

Red Hat doesn't produce its own patches for the software if there already is one

And if there isn't one? And my company pays for support to RH?

Righhht..

Reply Parent Score: 1