Vendor Bug Reporting Policy (was Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)

Sean Eric Fagan sef at kithrup.COM
Tue Feb 19 14:34:05 AEST 1991


In article <1991Feb19.002252.15194 at motcad.portal.com> jtc at motcad.portal.com (J.T. Conklin) writes:
>Was the existance of this bug passed up the chain of command to AT&T and 
>then distributed to all other sysv386 vendors, or did SCO, Dell, and AT&T
>keep it to themselves.  If so, I consider SCO, Dell, and AT&T as much at
>fault as ISC, ESIX, Bell Tech, and Microport.

Uhm... AT&T gave out 3.2.1 to all of its source customers (as far as I know;
everyone's comments [including some people from at&t] in this group seem to
indicate that is the case); Dell, at least, used the AT&T 3.2.1 solution
(whatever it is).  AT&T may have gotten wind of it from SCO; I don't know.
As far as I'm concerned, AT&T acted properly, and SCO does not have any
compulsion (legally, at least, and probably ethicly) to give value added
work (which included bug fixes) back to AT&T.  After all, SCO pays AT&T for
code, not vice-versa.

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef at kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.



More information about the Comp.unix.sysv386 mailing list