From owner-freebsd-security Mon Jun 2 03:21:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id DAA11262 for security-outgoing; Mon, 2 Jun 1997 03:21:11 -0700 (PDT) Received: from bitbox.follo.net (bitbox.follo.net [194.198.43.36]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA11257 for ; Mon, 2 Jun 1997 03:21:08 -0700 (PDT) Received: (from eivind@localhost) by bitbox.follo.net (8.7.6/8.7.3) id MAA19289; Mon, 2 Jun 1997 12:20:26 +0200 (MET DST) Date: Mon, 2 Jun 1997 12:20:26 +0200 (MET DST) Message-Id: <199706021020.MAA19289@bitbox.follo.net> From: Eivind Eklund To: David Dawes CC: perhaps@yes.no, rich@rich.isdn.bcm.tmc.edu, security@FreeBSD.ORG In-reply-to: David Dawes's message of Mon, 2 Jun 1997 16:57:34 +1000 Subject: Re: X libraries References: <199705301538.RAA08714@bitbox.follo.net> <199705302341.SAA08966@rich.isdn.bcm.tmc.edu> <199706020619.IAA18628@bitbox.follo.net> <19970602165734.49045@rf900.physics.usyd.edu.au> Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > >Depends on how people feel; I'm not quite certain how I we should > >react to bugs in bundled software. > > > >> Have you talked to anyone else with XFree86 about it? > > > >No. However, it is all over bugtraq, so I guess they should know. > > You shouldn't make such assumptions. As it turns out we did know about > it. But, if everyone had assumed that we wouldn't have known about it > in time to do anything about it for this release. You know, I'm literally getting shivers down my spine when you say that. BugTraq has 10k subscribers. When it has been posted there, it should (IMHO) be more visible to a developer than if it had been on the front page of all newspapers every day the last week. Sure, I can forward (which I more or less did, by Cc:'ing Rich) - but it absolutely, positively shouldn't be necessary. Eivind. (Sorry for the strong wording, but I'm actually quite upset by this. I don't like doing this to people who are giving me of their time for free. :-(