From owner-freebsd-chat Wed Feb 5 18:38:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA06169 for chat-outgoing; Wed, 5 Feb 1997 18:38:17 -0800 (PST) Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA06136; Wed, 5 Feb 1997 18:37:58 -0800 (PST) Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id SAA26191; Wed, 5 Feb 1997 18:37:30 -0800 (PST) To: dg@root.com, spork@super-g.com, tqbf@enteract.com, freebsd-chat@FreeBSD.ORG, current@FreeBSD.ORG Subject: Re: Blacklisting and being "asked" to deinstall FreeBSD - you heard that right! In-reply-to: Your message of "Wed, 05 Feb 1997 19:28:57 CST." <199702060128.TAA22263@Jupiter.Mcs.Net> Date: Wed, 05 Feb 1997 18:37:30 -0800 Message-ID: <26186.855196650@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-chat@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > You made it VERY clear that either I play by YOUR rules or forget playing > at all. You represented this as the position of the ENTIRE core team. > >You lied about John Dyson's position on the issues; I talked to him >IMMEDIATELY after you hung up. He said in no uncertain terms that he I could respond to Karl on this, but I won't as it's obviously more than pointless by now. Suffice it to say that I never even mentioned John Dyson during our phone conversation and did not claim to speak for all of core, so those who are wondering whether I've gone and crowned myself King can stop wondering. Karl's summary of our phone conversation bears no resemblance to the reality of what actually took place and I rather wish I'd recorded it myself. In any case... Here is a summary of the *technical* situation at this time: A 2.1.6 emergency machine has been built and is now rolling a 2.1.7 release. I'm also in the process of sending out a CERT advisory with fixes and David has already stayed up all night getting them into all 3 branches, so I think we're now in pretty good shape where this is concerned but will have more news tomorrow after the 2.1.7 build has finished (or not). There is also a general security audit now underway, spearheaded by Paul Traina, and he's done a sign-up sheet for people willing to take a piece of /usr/src away and look at it for security problems (others who wish to cull the *BSD PR databases or investigate other sources also being more than welcome to take that approach). Once it's finished being passed around in -core and some folks have signed up for various things, I'll post the roster here and we can search for volunteers to cover the missing bases. I also think that a complete walk-through of our codebase is probably long overdue anyway, and this is a good chance for everyone to prove the old maxim that security begins at home (or was that charity? :-). Talk to me or security-officer@freebsd.org if you'd like to jump on board. Thanks! Jordan