COM (Greg Nenych) writes:
>If you don't have
>source to the OS or can't understand it, at least make sure that the OS you
>are using has had lots of run time by lots of people and comes from a vendor
>that is very quick to fix security bugs.
I used to believe that I wanted patches quickly from Sun. Having been
through the horror of patching Solaris since 2.1 days, I now believe
they should be slower, and take especially more care in testing that new
patches don't break more things than they fix. Unfortunately, fully
integrated testing of all possible environments is impractical for an OS
vendor at the patch stage.
You and others insist that quick fixes to security bugs are good.
I think they're a mixed blessing, at best.