Date: Mon, 10 Nov 2003 11:35:18 -0500
From: Charles Swiger <cswiger@mac.com>
To: "Mr.Arlen Britton" <Eg4VMnCmkP4hAKgEu97trXEdkeK@usfamily.net>
Cc: freebsd-doc@FreeBSD.org
Subject: Re: Web Site Usability
Message-ID: <DEDC6F31-139B-11D8-AD24-003065ABFD92@mac.com>
In-Reply-To: <575B3AA8-1396-11D8-85F3-0003936FD06A@usfamily.net>
References: <575B3AA8-1396-11D8-85F3-0003936FD06A@usfamily.net>

On Nov 10, 2003, at 10:55 AM, Mr.Arlen Britton wrote:
> Your site needs some work to make it usable for the average person,
> instead of the system administrators of these systems. For example, if
> one were looking for security patches or vulnerabilities for Mac OS X,
> there seems no way to search for them; I tried and got no results that
> identified anything this way.

You're searching for MacOS X security holes on www.freebsd.org? This
counts as "operator error", not a problem with the FreeBSD web site.

> At the same time, if you have a patch for the specific vulnerabilities
> in question, I don't think it would be too difficult for you to
> identify whether or not the flaw exists in previous versions of an OS
> (and which ones), and whether or not the patch would fix it in those
> versions.

The left nav bar used for primary navigation from www.freebsd.org's
home page includes "Security", which takes you to
http://www.freebsd.org/security/. The security page discusses the
security officers for the FreeBSD project, and then provides a list of
security advisories, sorted by operating system release.

> I think working closely with the OS vendors would enable them to
> provide this information to you.

You're confused: the FreeBSD project is an operating system vendor.

> Finally, you need to find a common method of identifying patches that
> are specific to each OS version, rather than the cryptic names you now
> give them; it certainly doesn't tell me anything at all, so I'm sure a
> much less sophisticated end user would be even more confused.

The list looks like this:

"Advisories are always signed using the FreeBSD Security Officer PGP
key and are archived, along with their associated patches, at our FTP
CERT repository. At the time of this writing, the following advisories
are currently available (note that this list may be a few days out of
date - for the very latest advisories please check the FTP site):

	• FreeBSD-SA-03:15.openssh.asc
	• FreeBSD-SA-03:18.openssl.asc
	• FreeBSD-SA-03:17.procfs.asc
	• FreeBSD-SA-03:16.filedesc.asc
	• FreeBSD-SA-03:14.arp.asc
	• FreeBSD-SA-03:13.sendmail.asc
	• FreeBSD-SA-03:12.openssh.asc
	• FreeBSD-SA-03:11.sendmail.asc
	• FreeBSD-SA-03:10.ibcs2.asc
	• FreeBSD-SA-03:09.signal.asc
	• FreeBSD-SA-03:08.realpath.asc

FreeBSD 5.1-RELEASE released.

	• FreeBSD-SN-03:02.asc
	• FreeBSD-SN-03:01.asc

FreeBSD 4.8-RELEASE released.

	• FreeBSD-SA-03:07.sendmail.asc
	• FreeBSD-SA-03:06.openssl.asc
	• FreeBSD-SA-03:05.xdr.asc
	• FreeBSD-SA-03:04.sendmail.asc
	• FreeBSD-SA-03:03.syncookies.asc
	• FreeBSD-SA-03:02.openssl.asc
	• FreeBSD-SA-03:01.cvs.asc
[ ... ]"

Is it hard to determine that the security advisories deal with
OpenSSH, OpenSSL, /procfs, ...sendmail several times, etc?

> When can these changes be made?

If you have specific changes that you believe would help, submit them
as a PR or post them for us to review.

--
-Chuck