From owner-freebsd-security Mon Mar 20 14:12:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from mercure.IRO.UMontreal.CA (mercure.IRO.UMontreal.CA [132.204.24.67]) by hub.freebsd.org (Postfix) with ESMTP id E5D4437B9B9 for ; Mon, 20 Mar 2000 14:12:07 -0800 (PST) (envelope-from beaupran@IRO.UMontreal.CA) Received: from blc25.IRO.UMontreal.CA (IDENT:root@blc25.IRO.UMontreal.CA [132.204.21.39]) by mercure.IRO.UMontreal.CA (8.9.3/8.9.3) with ESMTP id RAA05525; Mon, 20 Mar 2000 17:11:43 -0500 Received: (from beaupran@localhost) by blc25.IRO.UMontreal.CA (8.9.3/8.9.3) id RAA02194; Mon, 20 Mar 2000 17:11:43 -0500 Full-Name: Antoine Beaupre X-Authentication-Warning: blc25.IRO.UMontreal.CA: beaupran set sender to beaupran@IRO.UMontreal.CA using -f From: Antoine Beaupre MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14550.41503.132314.613733@blc25.IRO.UMontreal.CA> Date: Mon, 20 Mar 2000 17:11:43 -0500 (EST) To: Dave McKay Cc: freebsd-security@FreeBSD.ORG Subject: Re: ports security advisories.. References: <20000320154614.A63670@elvis.mu.org> X-Mailer: VM 6.75 under Emacs 20.3.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [trimmed -hackers from CC:] I personnally think that yes, it is necessary. And I consider that the ports collection is part of FreeBSD and any use use of it that may be harmful must be published. The software is not FBSD responsability but if we find bugs in the ports, better report them. My 2 cents. --- Big Brother told Dave McKay to write, at 15:46 of March 20: > Is it really necessary to post the ports security advisories? > The exploitable programs are not part of the FreeBSD OS, they > are third party software. I think the proper place for these > is the Bugtraq mailing list on securityfocus.com. Also to add > to the arguments, most of the advisories are not FreeBSD > specific. > > -- > Dave McKay > Network Engineer - Google Inc. > dave@mu.org - dave@google.com > I'm feeling lucky... -- Si l'image donne l'illusion de savoir C'est que l'adage pretend que pour croire, L'important ne serait que de voir Lofofora To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message