On Friday 06 July 2001 23:24, Jair Pedro wrote:
> After reading the article, I went to oracle to download the patch and was
> very surprised that in order do download the patch I would have to Pay!!!
> To access the restrict area where I could get the patches I would have to
> had a contract with them, which costs about 22% of the licence I already
> have.
>
> I tried to explain them by phone and email that was not my fault the fact
> that their product had this serious security flaw and all they said was
> their assistance in free basis was only during the first 3 months after
> install and "you would have a lot of advantages signing our support
> services".
Depending on your country of origin - you could have some consumer protection.
eg. in the UK you would probably be supported by /the sale of goods act/
in as much as the security of the product ought to be considered critical
to the enterprise concerned - and thus the product be /unfit for the purpose
intended/. Never mind the fact that they may have shipped faulty goods.
Even the possibility of a potential court case being filed against oracle
based ont he being unfit for the purpose - would be rather embarrasing for
oracle.
> I dont want support as far we have almost half a ton of books on our
> development department and all the news group on the internet...
>
> There is nothing I can do now, except to pay to correct their very own
> error, but, on my company, I do not intend to deploy any others product
> which similiar politic$ for patches.
>
> The next time we need a database, it will not be an Oracle.
> I'd like to hear from the list if there are others companies/products with
> such an absurd policy.
>
> tks
>
> Jair
> ----- Original Message -----
> From: "Aaron C. Newman" <[EMAIL PROTECTED]>
> To: "Jeffrey M. Smith" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, June 29, 2001 8:06 PM
> Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
>
> > I also could not locate a patch or even a reference to the bug id either.
