From owner-freebsd-security Mon Jun 24 18: 6:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 2A20837B400 for ; Mon, 24 Jun 2002 18:06:44 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id A5E943A; Mon, 24 Jun 2002 20:06:43 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g5P16hiD043502; Mon, 24 Jun 2002 20:06:43 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g5P16hnA043501; Mon, 24 Jun 2002 20:06:43 -0500 (CDT) Date: Mon, 24 Jun 2002 20:06:43 -0500 From: "Jacques A. Vidrine" To: Theo de Raadt Cc: freebsd-security@FreeBSD.ORG Subject: Re: Hogwash Message-ID: <20020625010643.GC43386@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Theo de Raadt , freebsd-security@FreeBSD.ORG References: <20020625005318.GB43386@madman.nectar.cc> <200206250058.g5P0wgLJ021374@cvs.openbsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200206250058.g5P0wgLJ021374@cvs.openbsd.org> User-Agent: Mutt/1.4i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jun 24, 2002 at 06:58:42PM -0600, Theo de Raadt wrote: > > Still, we'll all be much more at ease once all the cards are on the > > table. I appreciate that you are trying to prepare users, but forgive > > me if I don't agree that witholding the details is the best approach. > > So please, humour me. Who precisely should I be telling this > information to, who isn't going to leak it, ship patches to their > customers early, etc. > > Who? Your favorite pet? :-) And then muzzle it. I don't disagree that leaks happen. That's Just the Way It Is. I'd rather we had the information now to make wise choices about what to do with deployed systems, custom hacks, and older-but-still-supported releases --- knowing there is a possibility for `leakage' that grows with time. As it is, we'll just have to wait until... what... Thursday? Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message