jeffrey%cmc.cdn%ubc.CSNET@CSNET-RELAY.ARPA (Craig Jeffrey) (11/13/85)
Date: 13 Nov 85 1322 GMT From: Craig Jeffrey <jeffrey@cmc.cdn> To: goldstein%galaxy.DEC@decwrl.DEC.com In-Reply-To: <8511121745.AA08383@decwrl.DEC.COM> Message-ID: <532:jeffrey@cmc.cdn> Subject: Publishing Security Holes on INFO-VAX As a system manager who needs a secure system, I welcome any discussions about security issuses in INFO-VAX. DEC approach to security is is somewhat simplistic (we use third party security mechanisms) and I would much rather see DEC respond intelligently to security holes than attempt to "gag" them by making pious statements about what's good for DEC is good for the general computing community. Craig Jeffrey ///////////// Canadian Microelectronics Corportion Carruthers Hall Kingston, Ontario Canada
eugene@AMES-NAS.ARPA (Eugene Miya) (11/14/85)
If Mr. Goldstein is the person who wrote the recent VAX security guide from DEC, I am impressed. I am surprised that no one from the Unix community has responded to this. This issue came up in the Unix community about 2 years ago. What was created was a mailing list based on interested parties who could show that they had some business doing security work (at least to a low-level) like mailing from the "root" account. The equivalent thing might be to issue the mail from SYSTEM. This offers a first cut, and nothing more. I did not join the above mailing list as research in security is not my interest, but I offer it as a helpful suggestion for future security discussions. Perhaps, Mr. Goldstein can act as keeper of such a security discussion list. "I would never join a group that would have me for a member." Woody Allen and many others. --eugene miya NASA Ames Research Center eugene@ames-nas {hao,ihnp4,nsc,dual,menlo70,hplabs}!ames!eugene UUCP