From owner-freebsd-security Thu Jul 13 11:57:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id F3E8137B874 for ; Thu, 13 Jul 2000 11:57:34 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA71079; Thu, 13 Jul 2000 14:57:23 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 13 Jul 2000 14:57:23 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Bill Fumerola Cc: Brett Glass , security@FreeBSD.ORG Subject: Re: Two kinds of advisories? In-Reply-To: <20000713142735.K4034@jade.chc-chimes.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 13 Jul 2000, Bill Fumerola wrote: > On Thu, Jul 13, 2000 at 02:21:09PM -0400, Robert Watson wrote: > > > That was the whole point of putting "ports" in there in the first place, a > > relatively recent change. The advisories are very careful to distinguish > > the ports/packages from the base system, and to disclaim responsibility > > for them. I think we've done the right thing as it stands. At some > > point, people will need to understand that distinction for themselves. > > Well, it is when we do it right. See the "ports advisory" for the recent > ipopts pagefault stuff. The theory is right, it's just the implementation that is lacking. Like in physics... :-) Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message