[Info-vax] DCL vulnerability write up on The Register
Kerry Main
kemain.nospam at gmail.com
Fri Feb 9 22:31:22 EST 2018
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf Of
> DaveFroble via Info-vax
> Sent: February 9, 2018 1:50 AM
> To: info-vax at rbnsn.com
> Cc: DaveFroble <davef at tsoft-inc.com>
> Subject: Re: [Info-vax] DCL vulnerability write up on The Register
>
> terry-groups at glaver.org wrote:
> > On Thursday, February 8, 2018 at 12:29:52 PM UTC-5, Stephen Hoffman
> wrote:
> >> HPE transitioned OpenVMS Alpha into mature support — that's HPE-
> speak
> >> for "no patches" — over a year ago.
> >
> > If I were paying HPE for support, I'd really have to question what type
> of "support" they were providing if they declined to produce a patch for
> a known CVE, particularly when they seem to know what the fix entails.
> Perhaps HPE "support" just means access to the library of out-of-date,
> no-longer updated patches, plus occasional "reading service" to tell the
> user that something is in the manual? Perhaps they should reduce their
> support pricing to reflect the reality of the "support" they are providing...
>
> If you were paying HPE for VMS support on Alpha, you'd be an idiot, or
> worse. I
> certainly hope nobody fits into this catagory.
>
Lets not forget that some larger companies have policies that state ALL servers (esp. prod) MUST have support contracts in place. It is a risk mitigation strategy i.e. a single throat to choke.
In the big scheme of Operations support contracts, I highly doubt that even over priced Alpha support contracts is barely even a rounding error compared to what most companies pay annually in support contracts to Red Hat, Microsoft and/or Oracle.
Regards,
Kerry Main
Kerry dot main at starkgaming dot com
More information about the Info-vax
mailing list