Re: [cobalt-security] Re: [cobalt-announce] <<< Software Remove Notification For Sun Cobalt RaQ 4 >>> [OT] [severely]

[Thomas Mertz <tmertz@xxxxxxxxxxxxx>]

This is lamest excuse I have ever heard, and just shows Sun's complete lack
of competance as far as the Cobalts go, or at least lack of willingness to
put the proper resources into it. I used to work for a company that made
infrastructure equipment for telecommunications carriers (Sprint, Verizon,
Voicestream, etc). These products were way more complicated than the Cobalt
and we had no problem releasing timely patches that worked. The fact is that
the Cobalt is a simple product - a basic linux box with a web gui. Sun takes
a month or more to release security patches that other Linux vendors release
in hours.

I don't care about having all the latest and greatest features, I don't care
if third party software runs on the box, but security issues MUST be
resolved as soon as they are known. Sun is failing miserably on this.

When are we going to get a patch for /usr/lib/authenticate?

Tom


> This kind of thing happens with all sorts of patches and fixes -
> configuration management is a complicated thing, and we can only do what
we
> can in the time available. If this is an general appeal for software
> quality, I applaud you. On the other hand, why not whinge that patches
don't
> come out quick enough, then whinge that they aren't tested enough. You do
> know how to whinge don't you? You just put your lips together and blow.
> *pffffffft*. Sorry.
>
> Cheers
> Stephen Rice
> Senior Software Architect
> MEng(Hons) BSc SSc Cycling Proficiency (2nd attempt)
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>