[VoiceOps] Broadworks Patch Religion
David Hiers
hiersd at gmail.com
Mon Feb 8 11:28:53 EST 2010
I'm just not willing to assume that everyone tells me everything about
everything all the time in a perfectly instantaneous, error-free
manner.
Even if they tried, they couldn't pull it off.
David
On Mon, Feb 8, 2010 at 8:17 AM, Dan White <dwhite at olp.net> wrote:
> On 08/02/10 08:02 -0800, David Hiers wrote:
>>
>> We can reason all we want to about this, but there is one large area
>> of unknowns...
>>
>> Patch release notes are imperfect, and embarrassing secrets can exist
>> inside companies and code; one whisper from a trusted Broadsoft
>> employee is enough to nudge me down the "patch everything" (aka "open
>> your mouth and close your eyes") maintenance path.
>
> By reading between the lines I can only assume that there are serious bugs
> and security vulnerabilities that are not documented, and quietly fixed in
> patches.
>
> That's a nasty way to hold patches over your head. There are reasons why
> a software producer should *always* document fixed vulnerabilities. It
> should be part of the normal release cycle.
>
> I shudder at the thought of depending on a software producer that is OK
> with embarrassing secrets existing inside their code.
>
> --
> Dan White
>