This reminds me of a time at Red Hat when a worm was going around and infecting Red Hat systems. One of the engineers reverse engineered the worm and wanted to release it in the wild to fix the bug; legal wouldn’t let them. I think legal was right (for a public company) but this kind of shows the actual right response, in my opinion.
Keep in mind in like 1999, you didn’t expect upgrades via package managers online for most large customers so this was an appealing release vector.
It also sounds like the time Max Butler exploited a buffer overflow in BIND to patch a bunch of DOD systems. As we later found out, he added some extra "functionality" to that patch. Who's to say the FBI hasn't done that in some small fraction of cases?
Yeah, I can understand legal's approach and maybe not wanting to test the waters by going to a judge and all that work.
Microsoft and the DOJ have established a track record of getting judicial approval and so on. I'm sure now it is a much more known quantity / outcome legally for them than Red Hat back in 1999. I can imagine there is a good chance of a judge in 1999 thinking "You're who? And you want to wut wut the wut wut?"