--==_Exmh_865795608P Content-Type: text/plain; charset=us-ascii On Fri, 24 Sep 1999 10:00:46 BST, Darren Moffat - Solaris Sustaining Engineering <darren.moffatat_private> said: > I strongly recommend that people apply the latest recommended and security > patch sets when testing out security exploits. That way you won't send > out information about exploits which have been long fixed and needlessly > panic people. Good advice, as far as it goes. Yes, installing the latest fixes first before reporting a bug is a Good Idea (since the vendor will say first thing "Have you installed all the latest fixes?" and it's always good to patch OTHER problems before they hit). But.... Something we here on Bugtraq often lose sight of (since we as a group are preaching to the choir) is that perhaps sometimes panicing the people is needed. Remember - the *reason* we keep seeing old long-fixed patches is because there's machines out there that aren't patched. Unfortunately, I don't have a better answer to how to get people to install patches other than panicing them. And of course, the people who need panicing aren't Bugtraq subscribers. Or maybe they are - in which case causing a panic is overall a Good Thing. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech --==_Exmh_865795608P Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.2 iQCVAwUBN+4YddQBOOoptg9JAQG7mAP/T6U4lizdR5eD+hmVvjI5orbEE/FpucO4 WAR0aT0yKwWRpJ6D2pOgoh1tVaJqrY7f8LSTutY3uaaB1WRN4SZ6hacMq46HpVH5 4anIWvqNPQvCmE8QsuyAkzp0YVXg6F0cMuxkCb7h6i9ScN6TzQiOSK5Qg0i27wW9 o8n9oirddtU= =k9we -----END PGP MESSAGE----- --==_Exmh_865795608P--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:22 PDT