[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v

To: n3td3v <n3td3v@xxxxxxxxx>
Subject: Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v
From: coderman <coderman@xxxxxxxxx>
Date: Thu, 30 Mar 2006 04:40:22 -0800

On 3/29/06, n3td3v <n3td3v@xxxxxxxxx> wrote:
>
> Third party patches, a matter of trust
>
> Why are third party patches a bad thing?

they are only a bad thing if they are not trusted and not well tested.

> They force Microsoft to rush out a patch before
> Q.A testing has been fully completed in the time scale
> Microsoft would have initially hoped.

M$ is never forced to do anything.

a short / inadequate test cycle for the third party patch is indeed
something to consider though.  (presumably anyone deploying a third
party patch is also doing much more testing than they would for a M$
tested and sanctioned patch)

> Is it responsible for eEye to release a third party patch before Microsoft?

absolutely.

is it responsible for any system administrator to apply the eEye patch?
that depends on trust and testing... :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Third party patches, a matter of trust by n3td3v
  - From: n3td3v

Prev by Date: Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v
Next by Date: Re: [Full-disclosure] linux routing table ip-lookup algorithm ??
Previous by thread: Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v
Next by thread: RE: [Full-disclosure] Third party patches, a matter of trust by n3td3v
Index(es):
- Date
- Thread