Re: [gpsd-dev] Moving ntpd to an open VCS

From: Gerry Creager - NOAA Affiliate
Subject: Re: [gpsd-dev] Moving ntpd to an open VCS
Date: Wed, 23 Oct 2013 15:20:59 -0500

I've been casually installing ntpd to all my systems for years. It's core infrastructure stuff. It IS casually installed. 

And, for what it's worth, I found the comment humorous and hardly myopic.

On Wed, Oct 23, 2013 at 2:58 PM, Harlan Stenn <address@hidden> wrote:
"Gary E. Miller" writes:

> On Wed, 23 Oct 2013 07:38:35 +0000
> Harlan Stenn <address@hidden> wrote:
> > > security patches private is not generally accepted by the
> > > open-source community.  I'm not going to argue the merits here
> > > because my personal views are not very relevant; what matters is
> > > the social fact that most open source developers are fans of prompt
> > > full disclosure, or at most a very short timeout. The minority that
> > > partially agrees with you will not save you on any of these other
> > > issues.
> >
> > ...
> > be, depending on the definition of "prompt".  The NTP Project's
> > software is core infrastructure stuff.  It's not something people
> > generally casually install.  If we get a security report, we contact
> > folks like CERT and they get back to us and usually ask for at least
> > a 45 day disclosure embargo after we get them patches so the OS
> > vendors and various gov't agencies can prepare for the "announcement".
> Yes, you really need to give the NSA a chance to exploit your bugs before
> anyone can patch them.

Are you joking?

If not, please consider some other possibilities where that is a myopic
and half-baked response, borderline pernicious, and paints you in an ill


Gerry Creager
“Big whorls have little whorls,
That feed on their velocity; 
And little whorls have lesser whorls, 
And so on to viscosity.” 
Lewis Fry Richardson (1881-1953)
