Warning on Discussions about Security in unix-wizards

[bsa at ncoast.UUCP]

> Article <690 at ames.UUCP>, from eugene at ames.UUCP (Eugene Miya)
+----------------
| I am posting this to unix-wizards because of the reemergence of security
| as a topic for flaming on the wizards list.  I realize there are many
| people reading this list who are not unix devotees, but I want to point
| out to the wizards that what they say can be used against them.
| 
| Early on, this discussion broadly covered security in general.  When this
| discussion shifts, in particular, to unix security, we create another
| set of problems.  To the wizards: there are managers and other people reading
| this net who will use this 'security' information as a justification for
| not using Unix.  This misaligned viewpoint not only berates this OS, but also
| tends to ignore possible security holes in systems such as VMS, VM/370,
| OS/32, EXEC*1100, and so on. [What? ...'s OS has security holes?! No way, but
| look at Unix...]  To managers of other systems: go to your systems people and
| ask "If this problem happens on this other oprating system, can this or any
| thing like it happen on our XYZ OS?"  I'm certain many will say no,
| [politically], but the value of this will be offset by holes found by others.

If you want discussion of security holes in VMS or VM/370, I'd suggest
that you look up net.{vms,vm370}-wizards.  Maybe we should shut down
net.unix-wizards because people come here to ask questions which show
Unix up as not perfect (witness the constant requests for bug-free device
drivers)?  Or we can be sane, accept that we're talking Unix on a Unix
network, and forget about it.  Being silent about bugs and security problems
merely insures that they'll never get fixed.

--bsa
-- 
  Brandon Allbery @ decvax!cwruecmp!ncoast!bsa (..ncoast!tdi1!bsa business)
6504 Chestnut Road, Independence, Ohio 44131   (216) 524-1416
<<<<<< An equal opportunity employer: I both create and destroy bugs :-) >>>>>>