RE: setsppfp bug

> -----Original Message-----
> From: Leif Svalgaard [mailto:leif@leif.org]
> 
> From: Shaw, David <dshaw@spartan.com>
> > > >The LOGINP exposure was "public" knowledge on the /38 back 
> > > in the '80's -
> 
> In view of this the following quote from a recent posting by 
> Ed Fishel (IBM, Roch.) is remarkable:
> 
> "The security team discovered the LOGINP sign-on exposure for 
> the first time
> several months ago."

Isn't it, though?  I think it's pretty likely that the PRESENT security team
discovered the exposure recently, and that none of the present team was in
place back in the '80's.  Also, I don't know if anyone here remembers what
it was like trying to report a problem on the /38 after the "XPF" developers
were extracted from the "CPF" groups - it became quite frustrating.  I'm
sure we also have a few fossils here who remember how long it took OS/400
V1R1 to reach PTF parity with CPF R8.0 - they didn't do a real good job of
handling the crossovers that SHOULD have been in there.  I always had the
feeling that they were just trying to do too much with the resources that
they had in place, and we customers were the ones caught paying for it.
Just MHO, of course.

Dave Shaw
Spartan International, Inc.
Spartanburg, SC
+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---