Rumors of MS involvement in Apache advisory
Jerry Feldman
gaf at blu.org
Sun Jun 23 14:48:15 EDT 2002
Commercial software vendors have schedules set up.
Bug gets reported. Placed into some problem reporting mechanism.
Bug fixer gets it, checks it out, maybe comes up with a fix.
The fix goes into the source tree.
Then, when the next scheduled release comes out, the fix should be in
there.
There is no requirement for the vendor to provide a fix immediately. In
some cases, where this may be a very serious problem, out of scope fixes
will be issued. If the problem reported is a major customer, the problem
will be fixed quickly.
"Derek D. Martin" wrote:
> However, in practice, I've been on Bugtraq too long to think this
> actually accomplishes anything, in most cases. In a few cases, mostly
> with free software like Apache, the "vendor" is very concientious and
> produces a fix immediately. In many, many cases the vendor is
> notified, and months go by without even the hint of a fix.
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
More information about the Discuss
mailing list