Vendor Bug Reporting Policy (was Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)
Sean Eric Fagan
sef at kithrup.COM
Tue Feb 19 14:34:05 AEST 1991
In article <1991Feb19.002252.15194 at motcad.portal.com> jtc at motcad.portal.com (J.T. Conklin) writes:
>Was the existance of this bug passed up the chain of command to AT&T and
>then distributed to all other sysv386 vendors, or did SCO, Dell, and AT&T
>keep it to themselves. If so, I consider SCO, Dell, and AT&T as much at
>fault as ISC, ESIX, Bell Tech, and Microport.
Uhm... AT&T gave out 3.2.1 to all of its source customers (as far as I know;
everyone's comments [including some people from at&t] in this group seem to
indicate that is the case); Dell, at least, used the AT&T 3.2.1 solution
(whatever it is). AT&T may have gotten wind of it from SCO; I don't know.
As far as I'm concerned, AT&T acted properly, and SCO does not have any
compulsion (legally, at least, and probably ethicly) to give value added
work (which included bug fixes) back to AT&T. After all, SCO pays AT&T for
code, not vice-versa.
--
Sean Eric Fagan | "I made the universe, but please don't blame me for it;
sef at kithrup.COM | I had a bellyache at the time."
-----------------+ -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.
More information about the Comp.unix.sysv386
mailing list