Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site ncoast.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!cwruecmp!atvax!ncoast!bsa
From: bsa@ncoast.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Warning on Discussions about Security in unix-wizards
Message-ID: <503@ncoast.UUCP>
Date: Tue, 18-Dec-84 12:29:30 EST
Article-I.D.: ncoast.503
Posted: Tue Dec 18 12:29:30 1984
Date-Received: Fri, 21-Dec-84 00:22:29 EST
References: <690@ames.UUCP>
Reply-To: bsa@ncoast.UUCP (Brandon Allbery)
Distribution: net
Organization: Unix-like Operating Systems Consultant
Lines: 32
Summary: 

> Article <690@ames.UUCP>, from eugene@ames.UUCP (Eugene Miya)
+----------------
| I am posting this to unix-wizards because of the reemergence of security
| as a topic for flaming on the wizards list.  I realize there are many
| people reading this list who are not unix devotees, but I want to point
| out to the wizards that what they say can be used against them.
| 
| Early on, this discussion broadly covered security in general.  When this
| discussion shifts, in particular, to unix security, we create another
| set of problems.  To the wizards: there are managers and other people reading
| this net who will use this 'security' information as a justification for
| not using Unix.  This misaligned viewpoint not only berates this OS, but also
| tends to ignore possible security holes in systems such as VMS, VM/370,
| OS/32, EXEC*1100, and so on. [What? ...'s OS has security holes?! No way, but
| look at Unix...]  To managers of other systems: go to your systems people and
| ask "If this problem happens on this other oprating system, can this or any
| thing like it happen on our XYZ OS?"  I'm certain many will say no,
| [politically], but the value of this will be offset by holes found by others.

If you want discussion of security holes in VMS or VM/370, I'd suggest
that you look up net.{vms,vm370}-wizards.  Maybe we should shut down
net.unix-wizards because people come here to ask questions which show
Unix up as not perfect (witness the constant requests for bug-free device
drivers)?  Or we can be sane, accept that we're talking Unix on a Unix
network, and forget about it.  Being silent about bugs and security problems
merely insures that they'll never get fixed.

--bsa
-- 
  Brandon Allbery @ decvax!cwruecmp!ncoast!bsa (..ncoast!tdi1!bsa business)
6504 Chestnut Road, Independence, Ohio 44131   (216) 524-1416
<<<<<< An equal opportunity employer: I both create and destroy bugs :-) >>>>>>