--On December 29, 2005 5:51:04 AM -0500 Valdis.Kletnieks@vt.edu wrote:
On Wed, 28 Dec 2005 13:20:51 PST, Owen DeLong said:
Denying patches doesn't tend to injure the trespassing user so much as it injures the others that get attacked by his compromised machine. I think that is why many manufacturers release security patches to anyone openly, while restricting other upgrades to registered users.
Color me cynical, but I thought the manufacturers did that because a security issue has the ability to convince non-customers that your product sucks, while other bugs and upgrades only convince the sheep that already bought the product that the product is getting Even Better!(tm).....
That could be a factor, but, I know first hand from the legal departments of at least two software "manufacturers" that it was at least a factor in the decision, and, they do have concerns about being liable for damages caused by security flaws in their software. Owen -- If it wasn't crypto-signed, it probably didn't come from me.