Date: Fri, 16 Apr 2004 11:32:42 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: freebsd-security@FreeBSD.org Subject: HEADS UP Re: Changing `security@freebsd.org' alias Message-ID: <20040416163241.GA49780@madman.celabo.org> In-Reply-To: <20040407154220.GA5651@madman.celabo.org> References: <20040407154220.GA5651@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello again, The change discussed earlier has been made. Email to <security@FreeBSD.org> now reaches the security team rather than any public list. If you find any references to <security@FreeBSD.org> as a public list, please let me know. It appears that there were none on the web site or handbook or FAQ, but there could be some I missed. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org On Wed, Apr 07, 2004 at 10:42:20AM -0500, Jacques A. Vidrine wrote: > Hello Folks, > > The official email address for this list is > `freebsd-security@freebsd.org'. Due to convention, there is an email > alias for this list: security@freebsd.org, just as there is for > hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on. > > The security@freebsd.org alias has been the source of occassional > problems. Several times in the past, postings have been made to that > address under the assumption that address was directed to security > response personnnel, and not a public mailing list. Of course, this > was a reasonable assumption. Practically every vendor in the universe > uses security@ for that purpose, largely because RFC 2142 strongly > recommends it for that purpose. > > And sometimes one just makes a typo. It has not been > too uncommon for people to forget the `-officer' part of > `security-officer@freebsd.org'. (Yours truly has been guilty of > this.) > > Mistaken early disclosure of a vulnerability can have consequences > from the merely embarrasing to catastrophic. Therefore, I am > proposing that `security@freebsd.org' be re-routed to the Security > Officer. > > I imagine this will have some significant impact: there must be > many references to security@freebsd.org as a public list out there. > So, I thought I'd air the issue here before sending any request to > postmaster@. > > Cheers, > -- > Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040416163241.GA49780>