From owner-freebsd-security  Mon Jul 20 14:41:27 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA20623
          for freebsd-security-outgoing; Mon, 20 Jul 1998 14:41:27 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from sasami.jurai.net (winter@sasami.jurai.net [207.153.65.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA20615
          for <security@FreeBSD.ORG>; Mon, 20 Jul 1998 14:41:22 -0700 (PDT)
          (envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.8/8.8.7) with SMTP id RAA21872;
	Mon, 20 Jul 1998 17:40:35 -0400 (EDT)
Date: Mon, 20 Jul 1998 17:40:35 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Brett Glass <brett@lariat.org>
cc: "Christopher G. Petrilli" <petrilli@dworkin.amber.org>,
        "Gentry A. Bieker" <gbieker@crown.NET>, security@FreeBSD.ORG
Subject: Re: Why is there no info on the QPOPPER hack?
In-Reply-To: <199807201828.MAA21514@lariat.lariat.org>
Message-ID: <Pine.BSF.3.96.980720173840.10970g-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


This sort of thing tends to go over poorly at security audits and with
people who's heads are on the line when things break.

I'm not willing to trust a 3rd party with that level of control of my
system.  

Nobody should be that trusting.

Just think of what would happen if the update process was compromised.

On Mon, 20 Jul 1998, Brett Glass wrote:
> I'd go further. I'd be willing to allow an INSTANT automatic upgrade 
> if the FreeBSD Security Manager sent a message, digitally signed with
> a nice, long key, saying that a serious exploit might be imminent. It'd
> be worth the risk. In the case of the QPopper hole, it would have been
> the Right Thing.
> 
> The feature would, of course, be optional. Not everyone would turn it on,
> but *I* would.



/* 
   Matthew N. Dodd		| A memory retaining a love you had for life	
   winter@jurai.net		| As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53	
*/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message