Re: [cobalt-security] poprelay: serious security bug

[Jeff Lovell <jlovell@xxxxxxx>]

On 09 Jul 2001 19:58:26 -0400, Carrie Bartkowiak wrote:
>
> Just wondering, if you have a minute...
> How large is the team that makes the patches/updates?

The team that makes patches varies.  The team  is augmented on a needed
basis with software engineers.  So, it is really hard to say there are X
people working on patches.

> How many different machines do you have in the (I presume) lab - if 
> any - to test these on?

We have hundreds of machines in our sustaining and sqa labs.  Needless
to say we don't test all patches against all the machines, usually a few
from each platform are chosen to run the tests on.

> Is there an actual beta test group of machines, or are we the beta 
> group?  :)

There is a SQA group that tests the software, we don't think of our
customers as beta testers.  The engineers that write the patches test
the software before it is given to the SQA group.

I prefer to make experimental patches available to the group, most of
the time due to the severity of the problem.  There is no doubt that you
guys are using the boxes in ways we can't possible imagine, and you may
run across things that we don't test for.

I'm not trying to make beta customers out of you.  I'm offering you an
option to plug the security hole quickly and give possible feedback of
problems you encountered.  I value that feedback that comes from you
guys.

Jeff
-- 
Jeff Lovell
Sun Microsystems Inc.