Date: Sun, 15 Apr 2001 23:52:54 -0700 (PDT) From: "Michael A. Dickerson" <mikey@singingtree.com> To: freebsd-security@freebsd.org Subject: Re: Security Announcements? Message-ID: <Pine.BSF.4.21.0104152340100.32591-100000@redlance.singingtree.com>
next in thread | raw e-mail | index | archive | help
Wes Peters wrote: > So what we're all kvetching about here is failing to read, or > even notice, a security alert that was sent out? What do you want? > If you want to pay some money for security support, we can probably > send Albert and Bill around the world with a baseball bat to beat > you over the head every time a security alert is issued, just to > make sure you don't miss it. Uh, no. Notice the date on the security advisory, which was more than one week after the bug was publicly announced, and a patch made available. That's what people were worried about. Now, Kris has since explained that he was out of town. That's bound to happen sometimes, unless someone starts chaining the (volunteer) security officer to his computer. However, the fact that the advisories are sometimes delayed is still a problem for some people. For instance, I might be unable to read -stable for a few days, but I have a perl script that pages me when advisories are issued. Obviously, I can't rely on that mechanism if advisories come out long after bugs are announced in other public forums. And who knows how many people only subscribe to freebsd-security-notifications and think they're safe for it? M.D. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104152340100.32591-100000>