Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!cica!ctrsol!uakari.primate.wisc.edu!csd4.milw.wisc.edu!cs.utexas.edu!uunet!mcvax!hp4nl!phigate!prle!prles2!nvpna1!collins
From: collins@nvpna1.prl.philips.nl (Donal O'Coileain)
Newsgroups: comp.sys.apollo
Subject: Re: security bug
Keywords: apollo,domain_os,aegis,display manager
Message-ID: <638@prles2.UUCP>
Date: 9 Aug 89 14:09:07 GMT
References: <108@tugiaik.UUCP> <109@tugiaik.UUCP>
Sender: nobody@prles2.UUCP
Reply-To: collins@nvpna1.UUCP (Donal O'Coileain)
Organization: Philips Research Labs (Nat Lab), Eindhoven, The Netherlands.
Lines: 22

In article <109@tugiaik.UUCP> plipp@tugiaik.UUCP (Peter Lipp) writes:
> I personally do not think and hope that my posting will do considerable harm. 
> the best way to prevent the misuse of such holes is to publish them so that
> everybody is aware of the problem.

By posting the source code you simply encouraged every user to try it. It
would have been much more responsible of you to simply warn the net, leave
Apollo have the source code and let them decide who was allowed to see it.

> Furtheron you might have informed at least local representatives to enable 
> them to
> answer my inquiries about a month ago. If they had known about the problem,
> I surely would
> not have posted that stuff.

OUR local representatives WERE aware of the sr9.7 and pending sr10.1 patch. I
say pending because we don't have the August sr10 tape yet in Holland. 

Donal O Coileain.   collins@apolloway.prl.philips.nl   or
                    collins%nvpna1.prl.philips.nl@uunet.uu.nl
-- And out of the gloom a voice said, 'Smile and be happy for things could
   be a lot worse'. So I smiled and was happy and behold, things got worse --