Subject: Re: syslog(3) security problem
To: Thor Lancelot Simon <tls@cloud9.net>
From: David Maxwell <david@spinne.web.net>
List: netbsd-users
Date: 09/03/1995 05:34:31
> 
> 
> >> Would someone in core please commit the fixes for this to the tree?
> 
> >Oh get a grip.  It's been like 24 hours... *Some* people actually
> >have to work for a living...
> 
> Can you think of something in this business that's more important than
> random outside people not being able to maraud about your machine at will?
> *Some* people might end up with a lot more work to do, for the same living,
> if they sup and blow away the fixes they've installed and don't notice.
> 
> NetBSD is either a for-real operating system or it's not.  That the vendors of

I'm sure I won't be the first (or only) person to say that running a -current
machine in a production environment implies walking the razor's edge.

Supping only means keeping an up to date set of sources. I don't think many
people would recommend building beta sources on a daily basis for a machine
you _need to rely on_.

This is of course, not to say that the fixes shouldn't get put in as soon as
they are verified.

							David Maxwell
							david@web.net