Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
RE[5]: Too slow...
by gonzo on Thu 5th Jan 2006 12:59 UTC in reply to "RE[4]: Too slow..."
gonzo Member since: 2005-11-10

So far you're the only one in this thread to have said that either directly or indirectly.

Yeah, but someone else said that "RH or Novell" would provide a patch much faster without any explanation.

and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility

We all know how well it works when Pat Slackware got sick. Define "developers who contribute to open source software"? Big companies don't like to deal with something not really defined.


And please, why did you skip this part:

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

You guys know better than him, too...

Score: 1

RE[6]: Too slow...
by Celerate on Thu 5th Jan 2006 23:38 in reply to "RE[5]: Too slow..."
Celerate Member since: 2005-06-29

"So far you're the only one in this thread to have said that either directly or indirectly.

Yeah, but someone else said that "RH or Novell" would provide a patch much faster without any explanation."

I can't see how saying "RH or Novell" would patch it faster translates into an insult on MS.

"We all know how well it works when Pat Slackware got sick."

Red Hat and Novell are companies, run by several people and capable of continuing should anything happen to one or more of them. Pat Volkerding (is that how you spell his last name?) is one person, with a distribution which is more or less his own. So the comparison isn't a good one.

Secondly when Pat Volkerding became ill few people knew what had actually happened to him at first, to many he simply seemed to have disappeared until news of the guy's illness had reached them. As I understand it no one took over for him because it wasn't important enough yet, and because there was still a good enough chance he might recover. Had he not survived I have no doubt someone else would have taken over the project, and no doubt now the guy has a backup plan should anything happen to him.

Thirdly, just because no one is there to package an update doesn't mean there isn't one. It simply means that it's not packaged for that distribution yet, so some independent person will probably package it, and in the meantime sysadmins can install it manually, which is what they are paid for. Heck, even most ordinary Linux users I know of know how to compile software from source, and if they don't they can get easy help from IRC; if you ask nicely enough someone might even package it up for you so you never have to go near a console (depending on your distribution of course, but most now can do package management with a GUI).

"And please, why did you skip this part:

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

You guys know better than him, too..."


I don't think I disagree with that part, so why would I need to reply to it?

Score: 1