Date: Tue, 6 Aug 2002 14:03:00 -0400 From: Anatole Shaw <shaw@autoloop.com> To: Dag-Erling Smorgrav <des@ofug.org> Cc: freebsd-security@freebsd.org Subject: Re: advisory coordination (Re: SA-02:35) Message-ID: <20020806140300.A24745@kagnew.autoloop.com> In-Reply-To: <xzpznw0fgez.fsf@flood.ping.uio.no>; from des@ofug.org on Tue, Aug 06, 2002 at 12:08:36PM %2B0200 References: <1028312148.3d4acc54c5eef@webmail.vsi.ru> <xzpado0hp1h.fsf@flood.ping.uio.no> <20020806053237.A49851@kagnew.autoloop.com> <xzpznw0fgez.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 06, 2002 at 12:08:36PM +0200, Dag-Erling Smorgrav wrote: > What do you propose? I think that a policy of issuing "early warning" advisories, as Colin Percival extrapolated from my original post, is one right solution. That is, an incomplete advisory is better than no advisory at all, when bug details (i.e. patch) are already circulating. Some other OS vendors issue advisories that say little more than "hurry up and download the patch," but at least those make admins aware that an issue exists. I'd be happy to help make a (better, obviously) "early warning system" happen for FreeBSD, if people agree that it's a good idea. We're all on the same boat here. Regards, -- Anatole Shaw Autoloop Security Consulting http://www.autoloop.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020806140300.A24745>