The Internet, Unix, BSD, and Linux

From: Alan Cox <a...@cymru.net>
Subject: SECURITY: New CERT contact needed for Linux community
Date: 1997/05/28
Message-ID: <pycola.864799641.26059@liw.clinet.fi>#1/1
X-Deja-AN: 244346139
X-Server-Date: 28 May 1997 06:07:23 GMT
Followup-To: comp.os.linux.misc
Old-Date: Mon, 26 May 1997 23:23:15 +0100 (BST)
Organization: none
X-Auth: PGPMoose V1.1 PGP comp.os.linux.announce iQBVAwUBM4vLmziesvPHtqnBAQGjFAH7BA3Psmp4pChDCC/h8OWbcxgZMsOKTzRn m/PIkabab+wUhSC38iz4eYyHbNL6zACa2z3Ab15F51jLRvVIqULB6A== =/8IK
Newsgroups: comp.os.linux.announce


I've had various concerns when doing the Linux work with CERT, notably the
lack of work CERT does in releasing important bug reports when vendors
fail to release adequate fixes, and their lack of bug tracking for non 
unix systems. 

It is now over one year since the Sun Solaris 'rsh file descriptor bug'
that allows any user to trash network configuration of a solaris box was
passed to you[cert]. Nothing appears to have happened, no warning was ever
issued to users. 

I no longer have any faith in CERT nor believe it is the right way to
handle the lamentably bad state of computer security today. It muddles along
like some kind of comic book 3rd world security agency trying to hide the
truth - the only reason we haven't had major computer security catastrophes
on the internet is because nobody has lit the fuse, not because we have
security.

As such I think it is inappropriate for me to continue to work with CERT
as the Linux vendor contact and ask that the Linux community find another
representative. 

Bugtraq has over 10,000 subscribers, things reported there generally get
fixed and I see little evidence of increased problems through its full
disclosure policy. In future I will instead be dealing with bugs I find
and learn about directly through bugtraq.

Alan Cox
EX Linux vendor contact


- -- 
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature.
Send submissions for comp.os.linux.announce to: linux-annou...@news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/liw/linux/cola.html

			  SCO's Case Against IBM

November 12, 2003 - Jed Boal from Eyewitness News KSL 5 TV provides an
overview on SCO's case against IBM. Darl McBride, SCO's president and CEO,
talks about the lawsuit's impact and attacks. Jason Holt, student and 
Linux user, talks about the benefits of code availability and the merits 
of the SCO vs IBM lawsuit. See SCO vs IBM.

Note: The materials and information included in these Web pages are not to
be used for any other purpose other than private study, research, review
or criticism.