2002-04-03
We all know that outdated network software is a security hazard. The solution: hard-wired expiration codes that self-destruct an old program when it's past its prime.
Death to Old Software
2002-04-03
Steve (1 replies)
Death to Old Software
2002-04-03
Anonymous (1 replies)
A really bad idea: The solution is better placed elsewhere
2002-04-03
Robert A. Klahn (rklahn@acm.org) (1 replies)

I STILL have the original (4.?) sendmail running on SunOS 4.0.2 on a 3/260, not because I want it, not because I'm lazy, but because the machine is in charge of a very large medical device, and has been for 11 years.
ANY configuration change to this particular machine is followed by 10s of thousands of dollars in patient safety certification. A forced upgrade of statd could cause millions of lost dollars in downtime, if there was a bug in a newer version that caused changes in the operations of the embedded systems that use rpc to talk to this box.
It lives on a private network, not reachable to the internet at large, and yes, it mails daily reports to medical personnel daily. Forcing a software change on a machine like this (and there is more than just this one in the world even today) is just a stupid idea.
All old or broken software is not necessarily a security risk. Or even hackable. If the machine's not reachable, it's not a problem.
Link to this comment: http://www.securityfocus.com/comments/columns/72/11636#11636