From owner-freebsd-security Thu Aug 10 20:46:24 2000
Message-Id: <200008110345.VAA31632@harmony.village.org>
To: Kris Kennaway
Subject: Re: suidperl exploit
Cc: "Vladimir Mencl, MK, susSED", freebsd-security@FreeBSD.org
In-reply-to: Your message of "Thu, 10 Aug 2000 20:38:25 PDT."
Date: Thu, 10 Aug 2000 21:45:50 -0600
From: Warner Losh

In message Kris Kennaway writes:
: Non-vulnerability alerts like some of the Linux vendors have started
: issuing are stupid. If there's no problem, there's no problem, and as long
: as you provide a reliable service when there *are* problems, there's no
: need to publicize the negative result. The few people who have heard about
: it through other channels and want specific reassurance can easily be
: accommodated individually through other means (e.g. this list) with much
: less effort and without the confusion from people who misinterpret the
: contents of the "advisory" as meaning they have to take some action.

Yes. I agree completely. If that load gets too high, then we can put
up a notice on a web site. Such notice might not be a bad idea
anyway, but we don't have a good mechanism for that. It also would
artificially bloat the advisory numbers in bugtraq too, which we
wouldn't want to do. We want to spend those chits on real problems.

Warner