On Tue, Jul 11, 2017 at 2:09 PM, DrFranken <midrange@xxxxxxxxxxxx> wrote:
Working as designed, yes. Does the design need updating? Perhaps it does and
if so, the program isn't broken, it merely needs a new version to address
new requirements.

OK. So you don't seem to want to even acknowledge that reasonable
people could disagree on when to use the word "fix". I'll cede that
dead horse to you, then.

Here's another articulation of why I feel put off when IBM (or its
advocates) invoke the "we'll only do fixes" rationale. And before I
get too far, I know people either are just joining in or have
completely forgotten what was written previously, so I'll repeat:

I believe IBM is completely justified in not adding the new ciphers to
7.1. That's not a point of contention for me.

Rob pointed out what I consider very good justification:

"And, once again, if you read the what's new in 7.2 related to this
area you will find they added some underlying support to even allow
them to support the new ciphers. It was pervasive enough it couldn't
just be done with a PTF."

He also gave some links for further reading on why 7.2 is so much
better equipped for handling the new ciphers. It's pretty clear that
bringing 7.1 "up to snuff" would require quite a lot of effort and
wouldn't be worth it at this late stage in 7.1's life cycle.

But let's imagine for a moment that 7.1's design were such that it
*would* be pretty easy to provide the new ciphers. Let's say it would
be a small project on IBM's part, and patching 7.1 would require just
one PTF. Would IBM provide the PTF then?

If IBM offers extra-cost extended maintenance (I am not sure if IBM is
doing this for 7.1, but for this exercise, let's pretend they are),
would the PTF at least be made available to those who are paying
(perhaps through the nose) for the extended maintenance?

What bugs me is that the "we'll only do fixes, and this is not a fix"
policy means that even if it were easy and cheap, and even potentially
profitable for IBM, they *still* wouldn't provide the new ciphers. On
the grounds that they don't *call* it a fix, no matter what the
security community or loyal, paying customers might think.

John Y.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.