AWalker@RED.RUTGERS.EDU (*Hobbit*) (11/14/85)
Don't sweat it, Andy [or Todd]. Most security holes that are sent to such lists include a fix. Or one can be easily thought up later [through all of us on the list banging our heads together and being creative]. Those problems which don't have an immediately obvious workaround, such as the crashing Fortran thing, can be dealt with in other ways [i.e. if your system goes down, and you discover that one of your users was running a program known to crash VMS at the time, you go after *him* with both barrels and tell him he should have known better or gotten permission to try it first]. I for one would like to hear about any and all such holes, so I can plug them on my system and forward the info to my non-networked system manager type friends. Having been unable so far to find any serious holes in 4.x on my own system, I suck these bug reports up eagerly. Keep 'em coming. The people at DEC shouldn't feel threatened just because someone found a problem in some of their code. It happens all the time; whether it gets SPRed or sent to info-vax, the message still constitutes a notification. I would rather hear about it now than six months down the road in the 4.3 or so release notes, so I can fix it *now* instead of have the hole open all that time. _H* -------