> It is partially vendor responsibility to fix the current distribution as > well as make their users aware. After contacting both Redhat and Debian > about this information, it was very disconcerting to see they were > unwilling to work with us on patching the problem. Both contacts expressed So if you find a hole in a random application on a random ftp site that runs with a random vendors product its the vendors problem. Frankly I think you are making a laughing stock of yourself Was it microsofts problem Eudora had a hole. Should Microsoft run out and audit every visual basic application on the web ? > That said, I assure you that RSI continues to try to "do the right thing". For an extremely strange definition thereof. If you had a few extra cluons you might have phrased it sensibly as "pcnfsd is not shipped with most Linux distributions but if you have obtained and installed it be aware that the standard Linux version from Sunsite.unc.edu is vulnerable" Every bogus claim you make brings the entire security tracking community into disrepute and reflects badly on the people who do care about doing things right. Alan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:03 PDT