[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v
From:       coderman <coderman () gmail ! com>
Date:       2006-03-30 12:40:22
Message-ID: 4ef5fec60603300440y72c0b1bfpe89474152c67355 () mail ! gmail ! com
[Download RAW message or body]

On 3/29/06, n3td3v <n3td3v@gmail.com> wrote:
>
> Third party patches, a matter of trust
>
> Why are third party patches a bad thing?

they are only a bad thing if they are not trusted and not well tested.


> They force Microsoft to rush out a patch before
> Q.A testing has been fully completed in the time scale
> Microsoft would have initially hoped.

M$ is never forced to do anything.

a short / inadequate test cycle for the third party patch is indeed
something to consider though.  (presumably anyone deploying a third
party patch is also doing much more testing than they would for a M$
tested and sanctioned patch)


> Is it responsible for eEye to release a third party patch before Microsoft?

absolutely.

is it responsible for any system administrator to apply the eEye patch?
that depends on trust and testing... :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]