RE: Web sites compromised by IIS attack

["Stuart Fox \(DSL AK\)" <StuartF () datacom co nz>]

> Paul,
>
> If I'm understanding you correctly you don't understand 
> Linux/Redhat. Or your just being silly to make a point. 
> sendmail, wftp , php, etc.. are not owned by Redhat. Each of 
> these applications are owned buy someone else and Redhat is 
> allowed to re-distribute them. 

Yeah, but Redhat are the vendor, whether or not they actually wrote the
software, they distributed it to you.  Their product is Redhat Linux
(the distribution), if that has a flaw in it they shouldn't get exempted
just because they didn't write it.  Could Microsoft then pass off
support for ftp.exe for instance?

> And using the number of fixes/patches to an application as an 
> indication of how god it is, is a bad thing. Using this logic 
> you would have to say M$ is a good product.

I believe you haven't looked at http://support.microsoft.com for a
while?

And besides, it was pretty clear that he wasn't using it as an
indication of relative quality, just as an indicator of the fact that
noone writes perfect software.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html