Date: Thu, 2 Dec 1999 05:22:43 -0800 From: Steve Reid <sreid@sea-to-sky.net> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG, Jordan Hubbard <jkh@FreeBSD.ORG> Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] Message-ID: <19991202052242.C7470@grok.localnet> In-Reply-To: <67349.944133898@axl.noc.iafrica.com>; from Sheldon Hearn on Thu, Dec 02, 1999 at 01:24:58PM %2B0200 References: <19991202032121.A7470@grok.localnet> <67349.944133898@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 02, 1999 at 01:24:58PM +0200, Sheldon Hearn wrote: > If you're not going to badger a port's maintainer until he/she does > something, you're unlikely to get results out of a single request. > That's why the PR system is good. The PR sits there pissing us off > until someone does something about it. :-) In my case I don't think it would've made a difference. Something _was_ done about it, but it was a halfway job. If it had been reported via a PR the PR would probably have been closed. I also didn't initally know if it was a FreeBSD problem or a [program in question] problem. I wanted to send to the program maintainer and the port maintainer just to be sure. I regret not cc'ing security-officer@freebsd.org; I remembered to do that this time. Like it or not email is a more-or-less universal form of communication. Send-pr is not. If the software maintainers can't deal with security issues sent in email form, that's a problem. And it's a problem not shared by the folks on Bugtraq. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991202052242.C7470>