From owner-freebsd-hackers  Tue Mar 21  3: 8:13 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.palmerharvey.co.uk (mail.palmerharvey.co.uk [62.172.109.58])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7EE0037B762; Tue, 21 Mar 2000 03:08:07 -0800 (PST)
	(envelope-from Dom.Mitchell@palmerharvey.co.uk)
Received: from ho-nt-01.pandhm.co.uk (unverified) by mail.palmerharvey.co.uk
 (Content Technologies SMTPRS 4.0.1) with ESMTP id <B3eac6d3a4b159879aa@mail.palmerharvey.co.uk>;
 Tue, 21 Mar 2000 11:07:41 +0000
Received: from ADMIN ([10.100.1.20]) by ho-nt-01.pandhm.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id G3Y8SZM6; Tue, 21 Mar 2000 11:06:04 -0000
Received: from [10.100.35.12] (helo=voodoo.pandhm.co.uk)
	by admin with esmtp (Exim 1.92 #1)
	id 12XMVz-0007Yi-00; Tue, 21 Mar 2000 11:07:59 +0000
Received: by voodoo.pandhm.co.uk (Postfix, from userid 104)
	id 1CC8E236; Tue, 21 Mar 2000 11:07:58 +0000 (GMT)
Date: Tue, 21 Mar 2000 11:07:58 +0000
To: Dave McKay <dave@mu.org>
Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: ports security advisories..
Message-ID: <20000321110758.B913@voodoo.pandhm.co.uk>
References: <20000320154614.A63670@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000320154614.A63670@elvis.mu.org>; from dave@mu.org on Mon, Mar 20, 2000 at 09:46:14PM -0000
X-Warning: Go away or I will replace you with a very small shell script.
X-OS: FreeBSD 3.4-STABLE i386
X-Uptime: 5:01PM  up  1:18, 8 users, load averages: 0.06, 0.11, 0.19
From: Dom.Mitchell@palmerharvey.co.uk (Dominic Mitchell)
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Mar 20, 2000 at 09:46:14PM -0000, Dave McKay wrote:
> Is it really necessary to post the ports security advisories?
> The exploitable programs are not part of the FreeBSD OS, they
> are third party software.  I think the proper place for these
> is the Bugtraq mailing list on securityfocus.com.  Also to add
> to the arguments, most of the advisories are not FreeBSD
> specific.

Just to add a point here, some of the problems noted in these advisories
*have* been FreeBSD specific, due to the way that a port has modified
the default install, or suchlike.  So it's definitely up to us to point
this out.
-- 
Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator

	``Putting the doh! into dot-com.''


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message