Date: Mon, 2 Jun 1997 21:05:20 +1000 From: David Dawes <dawes@rf900.physics.usyd.edu.au> To: Eivind Eklund <perhaps@yes.no> Cc: rich@rich.isdn.bcm.tmc.edu, security@FreeBSD.ORG Subject: Re: X libraries Message-ID: <19970602210520.43280@rf900.physics.usyd.edu.au> In-Reply-To: <199706021020.MAA19289@bitbox.follo.net>; from Eivind Eklund on Mon, Jun 02, 1997 at 12:20:26PM %2B0200 References: <199705301538.RAA08714@bitbox.follo.net> <199705302341.SAA08966@rich.isdn.bcm.tmc.edu> <199706020619.IAA18628@bitbox.follo.net> <19970602165734.49045@rf900.physics.usyd.edu.au> <199706021020.MAA19289@bitbox.follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 02, 1997 at 12:20:26PM +0200, Eivind Eklund wrote: >> >Depends on how people feel; I'm not quite certain how I we should >> >react to bugs in bundled software. >> > >> >> Have you talked to anyone else with XFree86 about it? >> > >> >No. However, it is all over bugtraq, so I guess they should know. >> >> You shouldn't make such assumptions. As it turns out we did know about >> it. But, if everyone had assumed that we wouldn't have known about it >> in time to do anything about it for this release. > >You know, I'm literally getting shivers down my spine when you say >that. BugTraq has 10k subscribers. When it has been posted there, it >should (IMHO) be more visible to a developer than if it had been on >the front page of all newspapers every day the last week. > >Sure, I can forward (which I more or less did, by Cc:'ing Rich) - but >it absolutely, positively shouldn't be necessary. Well, I've asked for someone on our large beta team to step forward and be our "security officer", but nobody seemed to be interested. There is a limit to what I can do personally, and I don't believe that I am qualified enough in regard to security issues to deal with this properly anyway. If anyone here wants to volunteer, please do. >(Sorry for the strong wording, but I'm actually quite upset by this. >I don't like doing this to people who are giving me of their time for >free. :-( Maybe you should direct your complaints to the source of the code, ie, The Open Group (formerly OSF) since the X Consortium ceased. They didn't appear to be aware of the problems before we were. David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970602210520.43280>