25 Jun 2002 todd   » (Master)

The world does not always, and often does not, appreciate those that do it favors.

Consider sshd and privelege separation. As we are in the time when vendors and developers need to assist in making privelege separation work for all, many critics and nay-sayers are suggesting alternate agendas for the lack of disclosure on the bug that can be kept at bay through privelege separation.

Let us see this for what it is. The reality we face is:

  1. bug is discovered
  2. choice made to delay full disclosure so everyone has an opportunity to be safe
  3. announcement of privelege separation as a safe and recommended upgrade
  4. time delay to allow for security upgrades
  5. full disclosure of the bug, the alert are safe


There are those who are calling for this scenario:
  1. bug is discovered
  2. full disclosure, including bugfix
  3. privelege separation is suggested as a way to avoid future bugs
  4. many people caught off guard, and exploited


I know which scenario I like better. Unfortunately, unhappy people would suggest otherwise. *sigh*.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!