Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Thread beginning with comment 82280
RE[6]: Too slow...
by Celerate on Thu 5th Jan 2006 23:53 UTC in reply to "RE[5]: Too slow..."

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"

That's a common myth actually.

Well let's see: so you say that users are not doing QA's job (my point of view), RH is not doing it, Novell is not doing it..

Well, who is doing it then? Nobody?

Red Hat doesn't produce its own patches for the software if there already is one

And if there isn't one? And my company pays for support to RH?


Ok, let's try this again. Obviously you don't understand the relationship between OSS developers and Linux distributions.

Linux distributions are comprised of the Linux kernel and software; these are not written by Red Hat or Novell, although the two companies do contribute code among other things. Other people maintain the programs they wrote that Red Hat and Novell in turn package for their distributions. Now if there is a problem, the people who actually wrote the software and continue to maintain it are usually the ones who also fix it if someone else doesn't willingly contribute a fix first, and it actually happens very fast, with a patch usually released before 24 hours elapses. All Red Hat and Novell do is package the patch and put it up on their servers so people can update. Now, if a patch isn't issued, that is where things change: either Red Hat or Novell or some other distributors will have their employees work on a patch, and then they are packaged and uploaded to the servers, usually very promptly.

Neither Red Hat nor Novell leaves their customers or users to roll out their own patches; if patches are contributed, it's done by people who wanted to do it. Otherwise the distributors take care of making and packaging the patches themselves, and they do so very promptly.

Score: 1