Re: PGP bug *NOT* yet fixed
At 5:58 PM 7/17/94, Jeffrey I. Schiller wrote:
Chill out friend. We are working on a bugfix release to PGP which will fix several important bugs. The bug you mention is fixed in our development sources and will be fixed in the next release. Read Colin's note carefully. If you do you will realize that this problem is not a disaster [. . . .]
It might not be a disaster, but if it was bad enough for Colin to write that message--it couldn't have been comfortable to admit to such a mistake--it seems more than worthwhile to fix it at the same time, especially considering that the fix could be as simple as putting his message in the release directory. I certainly thank Colin for having the courage to publicly announce the mistake; my complaint is that there wasn't any follow-through. The point is that this is damaging to PGP's reputation--it makes the programmers look amateurish. You might be amatuers, but you sure haven't acted like it until this. Any security-related bug serious enough to announce is serious enough to fix immediately; otherwise, we should take "Pretty Good" much more literally than most of us do now. Heck, it would have taken a fraction of the time to fix the code than it must have for Colin to write the letter. b& -- Ben.Goren@asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben@tux.music.asu.edu for PGP 2.3a public key.
participants (1)
-
Ben.Goren@asu.edu