
I'm just not willing to assume that everyone tells me everything about everything all the time in a perfectly instantaneous, error-free manner. Even if they tried, they couldn't pull it off.

David

On Mon, Feb 8, 2010 at 8:17 AM, Dan White <dwhite at olp.net> wrote:
On 08/02/10 08:02 -0800, David Hiers wrote:
We can reason all we want to about this, but there is one large area of unknowns...
Patch release notes are imperfect, and embarrassing secrets can exist inside companies and code; one whisper from a trusted Broadsoft employee is enough to nudge me down the "patch everything" (aka "open your mouth and close your eyes") maintenance path.
By reading between the lines I can only assume that there are serious bugs and security vulnerabilities that are not documented, and quietly fixed in patches.
That's a nasty way to hold patches over your head. There are reasons why a software producer should *always* document fixed vulnerabilities. It should be part of the normal release cycle.
I shudder at the thought of depending on a software producer that is OK with embarrassing secrets existing inside their code.
-- Dan White