STEWART_SYS@uta.edu.UUCP (02/18/87)
As someone previously mentioned, any security problem that is known will get around whether it's published on info-vax or not. Remember, this is not the one and only VAX related posting that exists. If a site has access to the mailing list and some malicious student or disgruntled employee can read the list, it's more than likely that the system manager or security agent can and will read the list as well. If not this list, then the VAX forum on CompuServe, GEnie, The Source, BIX, a DECUS publication or perhaps a LUG newsletter (there are LOTS of places to post information). My point is, it's in the nature of a system manager to stay informed of the issues involving his/her computer system. Hopefully, he/she will find out about security problems before a user does, but if not, I don't think it can be totally blamed on someone posting a message on info-vax. Certainly if someone does post a security problem, they should include a fix or work around with it. As far as the new system manager is concerned, if he/she is very green, they will likely be depending on DEC and/or other experienced personnel to assist with particular problems. I would think that even they will be informed of a problem and the solution. If they are a new VAX installation and someone has been 'elected' as system manager, it's likely that the other users are just as green when it comes to VMS. Of course, I doubt that in this case, the first order of business is to get the system on a mailing list where all those nasty security risks are posted...