[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] BugTraq

Once upon a time, Rodolfo Paiz <rpaiz@xxxxxxxxxxxxxx> said:
> However, Chris, when someone finds such an issue, notifying BugTraq ASAP
> lets the rest of us know it's there while the vendor has a reasonable time
> to fix it. That way we can live with it, or shut it down, or something, in
> the meantime.

Well, I described the problem in detail here almost two months ago.  I
haven't had a chance to do anything beyond that until today.

Still, the policy of BUGTRAQ (which is ignored regularly) is to give the
vendor a chance to fix the problem before it becomes public, so the
announcement of a problem can immediately be followed with a fix.
Reasonable time should be a week or less typically though, not the
nearly three months that it has been since I notified Cobalt of the
problem.

Is it just me, or is Cobalt really falling down since the IPO?  There is
this security hole, the RaQ3 catch-all flaw (which is older than this
security hole), and some other things that I don't remember off hand.
About the only new things we've seen are the ManageRaQ (which was kind
of under-whelming to me, since I had perl scripts to do the same in a
more flexible manner) and ASP for the RaQ3, which Cobalt didn't develop.
Maybe instead of buying other companies, they should spend more money on
development and system upgrades/fixes.
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.