Path: utzoo!utgpu!watmath!iuvax!uxc.cso.uiuc.edu!dino!atanasoff!jwright
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Newsgroups: comp.sys.apollo
Subject: Re: security hole
Message-ID: <1324@atanasoff.cs.iastate.edu>
Date: 10 Aug 89 19:03:21 GMT
References: <44e9d7d4.c4b0@apollo.HP.COM> <511@eda.com> <641@prles2.UUCP>
Reply-To: jwright@atanasoff.cs.iastate.edu.UUCP (Jim Wright)
Organization: Iowa State U. Computer Science Department, Ames, IA
Lines: 33

In article <641@prles2.UUCP> collins@nvpna1.UUCP (Donal O Coileain) writes:
| 
| Apollo produces a patch tape every month.
| 
| You cannot blame Apollo because you don't read the release notes or 
| understand the bugs/fixes.

I don't happen to have the clout of Phillips Research Labs.  I don't get
a patch tape every month, or even an announcement.  In fact, this is the
first I've heard of it.  But enough whining.  I'd like to offer some
constructive help.

The last time the patch issue was raised, there were some noises about
the University of Iowa setting up an anonymous ftp site which archived
all the patches.  Apparently it has died; I haven't heard a peep out of
them since.

As part of the anti-viral archives, in conjunction with comp.virus/VIRUS-L,
we are setting up a site for Unix systems.  To start this, we already
have bug fixes for Sun, Pyramid and DEC.  We would be pleased to make the
Apollo patches available too.  If someone from Apollo could respond here,
contact me, or give me a lead as to who to contact at Apollo, I would
appreciate it.

Also, opinions from the net as to whether this is good or bad would be
helpful.  Perhaps if enough interest is shown, it will happen.  I know
that anonymous ftp is not available to everyone.  But as it stands now,
you apparently have to be a mega-corporation with an inside track to
Apollo to get access to bug fixes.  (My perception; am I wrong?)

-- 
Jim Wright
jwright@atanasoff.cs.iastate.edu