
On 08/02/10 08:02 -0800, David Hiers wrote:
We can reason all we want to about this, but there is one large area of unknowns...
Patch release notes are imperfect, and embarrassing secrets can exist inside companies and code; one whisper from a trusted Broadsoft employee is enough to nudge me down the "patch everything" (aka "open your mouth and close your eyes") maintenance path.

By reading between the lines I can only assume that there are serious bugs and security vulnerabilities that are not documented, and quietly fixed in patches. That's a nasty way to hold patches over your head. There are reasons why a software producer should *always* document fixed vulnerabilities. It should be part of the normal release cycle. I shudder at the thought of depending on a software producer that is OK with embarrassing secrets existing inside their code.

--
Dan White