On Tue, 16 May 2006, Harold Fuchs wrote:
> If we are going to get serious, I'll have to ask the obvious question:
> why is the source only available *after* the executable?
> "Just common sense, under the circumstances..." leads to the question
> what circumstances?

As an outsider, I'll just add that it made sense to me. He wanted to put
out the executables as quickly as possible because of the newly discovered
vulnerability (that was the "circumstance," I guess). So he did that
immediately, then went back to reorganize the code and make the tar.gz
files, and whatnot. It didn't take very long.

Another good reason to release binaries first -- think about this -- a bad
guy could download both the new source and the old source, do diffs and
figure out how to exploit the vulnerability. If the binaries are out
there first, it gives us a chance to prepare for the coming barrage of
attacks.
Mike
--
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com