At 04:28 PM 7/11/01 -0400, Bagotronix Tech Support wrote:
>All ranting aside, has anyone (any real PCB designers, that is) actually
>used the AutoRFQ thingy yet? I would be interested to know how effective it
>is at getting competitive quotes from REPUTABLE PCB shops. With regard to
>the NDA stuff, the marketing fluff says it "extracts the minimum numerical
>data required for quotation". I assume this is board area, # of
>plated/unplated holes, # of layers, SMOBC y/n, # of hole sizes, smallest
>hole, etc. It should NOT put the actual Gerber data in the quote package, I
>hope! How about someone from Protel actually putting our fears at ease (or
>at high alert) on this by telling us exactly what data it sends? Are you
>listening, Protel?
Such a tool should be accompanied with *very* specific information about
what is sent. What is sent should be in a text file that can easily be
read. In fact, the program should merely create the appropriate e-mail,
which could then be reviewed by the designer before it is queued for
sending. Proprietary data, if any, should be separately sent encrypted,
with a separate permission required.
From: "Gordon Price" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Wednesday, July 11, 2001 2:25 PM
>Subject: Re: [PEDA] New on-line PCB quoting service for Protel 99 SE
>
>
> > Dear Brent,
> > This is really a stupid idea, as I have mentioned before. We are
> > interested in getting Protel 99 SE to work in a stable way, not how you
>can
> > broaden your market. Please do not put AutoRFQ in any products or we will
> > drop PROTEL!! There are NDA issues and extreme product confidentiality
> > issues that no smart company will put up with here!
This may be overstated. If AutoRFQ is automatically installed, or is easily
to install in error, then, yes, it is a very serious defect, one that would
cause me to postpone installation of any version or service pack that
included it. Similarly, if it sends proprietary data (numbers of holes and
board size are not particularly proprietary, without ample opportunity to
review by the system operator, it would likewise be a security risk. I have
not downloaded the add-on because it is only rarely that I make fabrication
purchase decisions, so I don't know.
An install option should allow the substitution of a user-definable address
to which all submissions would go, and, as I mentioned, the submissions
should be in ASCII text, user readable and understandable. This would allow
review by an officer of the company tasked with security. It might just be
another engineer, it might be the designer himself (and then he could
choose to forward it to a known address.
There is no reason to allow such a program to function as a server, and
that, too, raises serious security issues. Otherwise it creates no new
security issue.
At the present there is little problem because it is an add-on which is
voluntarily installed. Don't trust your engineers to install executables?
Obviously in this case one would not allow them to do so. The real concern
is the risk that the program would become part of a default installation
without the security concerns being addressed.
[EMAIL PROTECTED]
Abdulrahman Lomax
P.O. Box 690
El Verano, CA 95433
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* To post a message: mailto:[EMAIL PROTECTED]
*
* To leave this list visit:
* http://www.techservinc.com/protelusers/leave.html
* - or email -
* mailto:[EMAIL PROTECTED]?body=leave%20proteledaforum
*
* Contact the list manager:
* mailto:[EMAIL PROTECTED]
*
* Browse or Search previous postings:
* http://www.mail-archive.com/[email protected]
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
