[Info-vax] DCL vulnerability write up on The Register

DaveFroble davef at tsoft-inc.com
Fri Feb 9 23:25:13 EST 2018 

Kerry Main wrote:
>> -----Original Message-----
>> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf Of
>> DaveFroble via Info-vax
>> Sent: February 9, 2018 1:50 AM
>> To: info-vax at rbnsn.com
>> Cc: DaveFroble <davef at tsoft-inc.com>
>> Subject: Re: [Info-vax] DCL vulnerability write up on The Register
>>
>> terry-groups at glaver.org wrote:
>>> On Thursday, February 8, 2018 at 12:29:52 PM UTC-5, Stephen Hoffman
>> wrote:
>>>> HPE transitioned OpenVMS Alpha into mature support — that's HPE-
>> speak
>>>> for "no patches" — over a year ago.
>>> If I were paying HPE for support, I'd really have to question what type
>> of "support" they were providing if they declined to produce a patch for
>> a known CVE, particularly when they seem to know what the fix entails.
>> Perhaps HPE "support" just means access to the library of out-of-date,
>> no-longer updated patches, plus occasional "reading service" to tell the
>> user that something is in the manual? Perhaps they should reduce their
>> support pricing to reflect the reality of the "support" they are providing...
>>
>> If you were paying HPE for VMS support on Alpha, you'd be an idiot, or
>> worse.  I
>> certainly hope nobody fits into this catagory.
>>
> 
> Lets not forget that some larger companies have policies that state ALL servers (esp. prod) MUST have support contracts in place. It is a risk mitigation strategy i.e. a single throat to choke.

So what?  If the throat called HPE tells the support customer to "pound salt", 
there is no new patches and such, what good is that policy?

> In the big scheme of Operations support contracts, I highly doubt that even over priced Alpha support contracts is barely even a rounding error compared to what most companies pay annually in support contracts to Red Hat, Microsoft and/or Oracle. 

It's not a question of cost, it's a question of "will you actually get support 
if you need it".

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list