Can ISVs redistribute .NET Framework 1.1 SP1?

[Craig]

The EULA for the SP1 installation appears to prohibit myself (as an ISV)
from shipping SP1 on my own product's installation media. We currently
distribute the .NET Framework 1.1 redistributable package on a CD with our
product so customers have everything they need to get up and running.

Was this an omission or did Microsoft intend to prevent ISVs from
distributing the SP? Considering that there is no slipstreaming of Framework
Service Packs, this leaves us ISVs in a spot, because with no SP1 on our CD
we are forced to leave our customers vulnerable to whatever security fixes
were in SP1.

Thanks
Craig

 

[Peter Huang]

Hi Craig,

Now I am researching the issue to see if there is any document on this
issue, and I will follow up ASAP.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Nick Malik]

Hi Craig,

You may want to leave that SP off of your distribution. Installing it on
the client's machine can cause existing applications (ones you did not
write) to fail.
The newsgroups are starting to show many issues with installing .Net
Framework 1.1 SP1 and .Net Framework 1.0 SP3 with their "security fixes"
that strongly affect the behavior of the app, and other changes that appear
simply to be bugs in the service pack.

My personal advice on this one: Hold off.

(If your users are using XP, you can *recommend* that they install XP SP2,
which includes .NET Framework 1.1 SP1. That way, you can feel better
knowing that security measures have been applied while still being off the
hook for any bugs, since that SP comes from Microsoft directly).

-- Nick

 

[Peter Huang]

Hi Nick,

So far I can not find any official document about the issue, I think you
may try to contact customer service because this newsgroup is for
development issue and this issue seems to be non technique but marketing
related.

You may refer to the link to see which one is more proper for you.
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer02a&sd=GN

Thank you for your understanding.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Craig]

Thanks Nick, personally I agree with you and I am recommending we don't
include SP1. However there are people in my organization who believe that by
providing unpatched vulnerable code (FW without SP) on our CD we are
somehow exposing our customers to great risk. I don't think it is the
responsibility of ISVs to worry about patching Microsoft components unless
there is a clear direct problem/vulnerability related to our products' usage
of those components.

The only argument being made to include SP1 was a general "well, Microsoft
says it is 'Critical', therefore we should redist it".

Craig

 

[Craig]

Thanks for the offer, but I think I'll decide to not spend $99/$245 of my
money resolving a problem that was created by Microsoft in the first place.
Perhaps a more proactive approach would be for you to forward this issue to
the relevant party at Microsoft? Just a friendly suggestion

Craig

 

[Peter Huang]

Hi Craig,

Thank for you suggestion, I would like to say that since the sp1 is just
released, there is no official declaration on this issue based on my
consulting, a more official approach I can recommend was to submit this
feedback on the Product Feedback Center, and someone closer to the
situation will be able to let you know what the
plans in that area are. (http://lab.msdn.microsoft.com/productfeedback/)

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Yan-Hong Huang[MSFT]]

Hi Craig,

You may not need to pay for this type of question. Just call the phone
numbers of customer service and let them know this is a product
redistribution question and ask them to redirect it to a marketing
department or some proper phones.

Thanks very much.

Support For Phone Numbers
Small or Home Business (800) 936-4900
Developer (800) 936-5800
IT Professional (800) 936-4900
Partner (resellers or consultants) (888) 456-5570
Original Equipment Manufacturer (800) 936-2197
System Builder (888) 456-5570
Certified Partner (888) 677-9444
TDD/TTY (800) 892-5234

Best regards,
Yanhong Huang
Microsoft Community Support

Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn

This posting is provided "AS IS" with no warranties, and confers no rights.