Date: Thu, 13 Jul 2000 14:04:51 -0600
From: Brett Glass <brett@lariat.org>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Susie Ward <sward@voltage.net>, security@FreeBSD.ORG
Subject: Re: Two kinds of advisories?
Message-ID: <4.3.2.7.2.20000713135632.04b63890@localhost>
In-Reply-To: <Pine.NEB.3.96L.1000713153609.71313A-100000@fledge.watson.org>
References: <4.3.2.7.2.20000713132400.04b73af0@localhost>

At 01:42 PM 7/13/2000, Robert Watson wrote:

>Here's a recent sample:
>
>Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd
>
>What information could we add here that would improve things?

Let's look closely at this and see why this might cause a panicky call from a client (which it did, by the way; and, yes, I did bill him for the time I spent making sure he wasn't running wu-ftpd).

First, it mentions FreeBSD twice and wu-ftpd only once.

Second, wu-ftpd is mentioned at the end where it may fall off the end of the recipient's e-mail window, leaving TWO mentions of FreeBSD visible and no mention of the offending app.

Finally, by giving the problem a code, or number, beginning with FreeBSD, it makes it look like a FreeBSD problem.

Personally, I'm very glad for the advisories -- you may recall that I returned from my honeymoon to find a system rooted due to a QPopper exploit. I only wish that the CDs were updated quickly enough to prevent more copies of exploitable ports from going out! (People who install from the CDs often don't know how to pick up new ports, and it's not obvious from the sysinstall UI.)

But if the advisory said:

    Security Advisory: Remote root exploit in wu-ftpd (FreeBSD-SA-00:29)

it'd produce fewer calls from nervous clients.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message