[1975] in Kerberos_V5_Development
Re: confidential support
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sat Nov 16 14:18:50 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: gnats-admin@rt-11.mit.edu, krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 16 Nov 1996 14:18:40 -0500
In-Reply-To: "Barry Jaspan"'s message of Mon, 11 Nov 1996 13:46:41 -0500
>>>>> "Barry" == "Barry Jaspan" <bjaspan@MIT.EDU> writes:
Barry> Do we get enough bug reports that have to be confidential
Barry> to justify the effort and complexity of setting this up and
Barry> remembering how to maintain these two separate lists?
I argue that one bug report is enough. Seriously, we are in
the security business and there are bound to be security holes. These
tend to get handled through personal email in the past and never
really documented anywhere. Security holes are the worst kind of bug
not to have long-lasting history about.
Besides, once implemented, the structure is simple:
* Add anyone who asks to krb5-prs-public
* Suggest to developers that they add themselves to krb5-prs-internal
Barry> Barry
