[Info-vax] DCL vulnerability write up on The Register

[terry-groups at glaver.org]

On Thursday, February 8, 2018 at 12:29:52 PM UTC-5, Stephen Hoffman wrote:
> HPE transitioned OpenVMS Alpha into mature support — that's HPE-speak 
> for "no patches" — over a year ago.

If I were paying HPE for support, I'd really have to question what type of "support" they were providing if they declined to produce a patch for a known CVE, particularly when they seem to know what the fix entails. Perhaps HPE "support" just means access to the library of out-of-date, no-longer updated patches, plus occasional "reading service" to tell the user that something is in the manual? Perhaps they should reduce their support pricing to reflect the reality of the "support" they are providing...