Steve Kemp wrote:
> The first report that I saw was Fri, 09 May 2008 23:33:53 +0200.
>
> Had the issue not been leaked to Debian unstable as it was we'd
> probably have had a longer embargo, and more complete instructions
> at the time the DSA was prepared.
>
Embargo is a good thing, there is never a good time to break bad news,
enough time to ensure minimum damage is caused by the forthcoming news is
always prudent IMO.
Generally speaking <list wise and I don't think I'm backtracking> I use
Cisco IOS and trust it (bit pricey though and want to try BSD), that is
not to say that closed source security vendors do not try very hard to
test their products and release timely updates, following on from my
earlier point regarding closed source vs open source security. Cisco use
open security standards and tack on their own extensions which is fair
enough.
dlb
--
Damian L Brasher
http://www.diap.org.uk
