Date: Fri, 11 Aug 2000 10:30:15 -0400 From: System Administrator <admin@chemcomp.com> To: Warner Losh <imp@village.org> Cc: Kris Kennaway <kris@FreeBSD.org>, "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, freebsd-security@FreeBSD.org Subject: Re: suidperl exploit Message-ID: <39940DF7.B33BC951@chemcomp.com> References: <Pine.BSF.4.21.0008102034410.95874-100000@freefall.freebsd.org> <200008110345.VAA31632@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Would it be appropriate to have a part of the website dedicated to the publishing of current security vulnerabilities and how FreeBSD is *not* affected? :) -advocacy, I guess... but I think it would be a good idea since we have a lot of people showing up on the lists saying "is FBSD vulnerable for this?" I guess a website is a bit an overkill... A. Warner Losh wrote: > > In message <Pine.BSF.4.21.0008102034410.95874-100000@freefall.freebsd.org> Kris Kennaway writes: > : Non-vulnerability alerts like some of the Linux vendors have started > : issuing are stupid. If there's no problem, there's no problem, and as long > : as you provide a reliable service when there *are* problems, there's no > : need to publicize the negative result. The few people who have heard about > : it through other channels and want specific reassurance can easily be > : accomodated individually through other means (e.g. this list) with much > : less effort and without the confusion from people who misinterpet the > : contents of the "advisory" as meaning they have to take some action. > > Yes. I agree completely. If that load gets too high, then we can put > up an notice on a web site. Such notice might not be a bad idea > anyway, but we don't have a good mechanism for that. > > It also would artificially bloat the advisory numbers in bugtraq too, > which we wouldn't want to do. We want to spend those chits on real > problems. > > Warner > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Antoine Beaupre System Administrator Chemical Computing Group, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39940DF7.B33BC951>