From owner-cvs-all Fri Oct 6 1: 9:22 2000 Delivered-To: cvs-all@freebsd.org Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 594E537B66F for ; Fri, 6 Oct 2000 01:09:19 -0700 (PDT) X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de) Received: from mail3.siemens.de (mail3.siemens.de [139.25.208.14]) by david.siemens.de (8.11.0/8.11.0) with ESMTP id e9689FI18446; Fri, 6 Oct 2000 10:09:15 +0200 (MET DST) Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7]) by mail3.siemens.de (8.11.0/8.11.0) with ESMTP id e9689FX15681111; Fri, 6 Oct 2000 10:09:15 +0200 (MEST) Received: (from localhost) by curry.mchp.siemens.de (8.11.0/8.11.0) id e9689Fo32529; Date: Fri, 6 Oct 2000 10:09:14 +0200 From: Andre Albsmeier To: Alfred Perlstein Cc: Andre Albsmeier , cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001006100914.A66672@curry.mchp.siemens.de> References: <200010051715.e95HFVn34590@hak.lan.Awfulhak.org> <20001005135833.A87853@citusc17.usc.edu> <20001005142209.G27736@fw.wintelcom.net> <20001006074832.A9078@curry.mchp.siemens.de> <20001005233620.B27736@fw.wintelcom.net> <20001006090131.A61051@curry.mchp.siemens.de> <20001006005910.C27736@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001006005910.C27736@fw.wintelcom.net>; from bright@wintelcom.net on Fri, Oct 06, 2000 at 12:59:10AM -0700 X-Echelon: BND CIA NSA Mossad KGB MI6 IRA detonator nuclear assault strike Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 06-Oct-2000 at 00:59:10 -0700, Alfred Perlstein wrote: > * Andre Albsmeier [001006 00:01] wrote: > > On Thu, 05-Oct-2000 at 23:36:20 -0700, Alfred Perlstein wrote: > > > > > > In the form it was in the PR, ie "huge gaping security hole the > > > size of Montana" it was entirely useless. > > > > > > I should have said "useless/dangerous", not all useless patches > > > are dangerous but all dangerous patches are useless until corrected. > > > > In this case, it would have been enough to write > > > > 3) realize how (f*cking) dangerous it is > > > > :-). I read your words as if you tried to say that the whole thing > > is useless but, anyway, this has been cleared out now. > > If one had weighed the value of being able to finger files on a > remote machine versus the potential security implications of the > change i'm sure it would not have been added. I agree. As a conclusion we see again how important it is to review stuff properly as you did it with my PR as well. Thankfully, Garance A. Drosehn came up with a better version real quickly. I just was a little bit upset by the useless attribute for the PR :-) -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message