From owner-cvs-all  Sat Oct 20  1:51: 5 2001
Delivered-To: cvs-all@freebsd.org
Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1678037B401; Sat, 20 Oct 2001 01:50:57 -0700 (PDT)
Received: from localhost (jkh@localhost [127.0.0.1])
	by winston.freebsd.org (8.11.6/8.11.6) with ESMTP id f9K8o7w69390;
	Sat, 20 Oct 2001 01:50:08 -0700 (PDT)
	(envelope-from jkh@freebsd.org)
To: kris@obsecurity.org
Cc: cvs-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: www/en index.xsl
In-Reply-To: <20011020011816.A70167@xor.obsecurity.org>
References: <200110200439.f9K4dqF53354@freefall.freebsd.org>
	<20011020011816.A70167@xor.obsecurity.org>
X-Mailer: Mew version 1.94.1 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20011020015007G.jkh@freebsd.org>
Date: Sat, 20 Oct 2001 01:50:07 -0700
From: Jordan Hubbard <jkh@freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Lines: 30
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Well, I wouldn't say that there was "harm" in continuing to display it
since harm's a strong word, but I certainly agreed with Murray that
plastering it right across the home page was a little extreme for more
than a few weeks.  To put it mildly, it was pretty ugly.  If you want
to educate the johnny-come-latelys from the top page, my suggestion
would be to have a permanent (and somewhat more innocuous) security
link which points to a page which contains everything that's been
discovered over the past year or so WRT security issues.

- Jordan

> On Fri, Oct 19, 2001 at 09:39:51PM -0700, Jordan K. Hubbard wrote:
> > jkh         2001/10/19 21:39:51 PDT
> > 
> >   Modified files:
> >     en                   index.xsl 
> >   Log:
> >   Stop screaming about the telnet exploit. It's been long enough.
> >   
> >   Noticed by:	murray
> 
> Actually I had wanted to leave it there a bit longer.  There's no harm
> in continuing to advertise it: historically, it seems to take around 6
> months for most people to upgrade their systems to fix vulnerabilities
> (e.g. the last bind root exploit took >6 months for the complaint
> emails about named dying to tail off).  This suggests that there are
> likely to still be a lot of people out there who haven't heard about
> the problem yet.
> 
> Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message