From owner-freebsd-security Thu Dec 2 5:23:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from tusk.mountain-inter.net (tusk.mountain-inter.net [204.244.200.1]) by hub.freebsd.org (Postfix) with ESMTP id 27B4514E4A; Thu, 2 Dec 1999 05:23:35 -0800 (PST) (envelope-from sreid@sea-to-sky.net) Received: from grok.localnet (unknown@analog4.sq.mntn.net [204.244.200.13]) by tusk.mountain-inter.net (8.9.3/8.9.3) with ESMTP id FAA14275; Thu, 2 Dec 1999 05:22:06 -0800 Received: by grok.localnet (Postfix, from userid 1000) id 6EF08212E07; Thu, 2 Dec 1999 05:22:43 -0800 (PST) Date: Thu, 2 Dec 1999 05:22:43 -0800 From: Steve Reid To: Sheldon Hearn Cc: Bill Swingle , security@FreeBSD.ORG, Jordan Hubbard Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] Message-ID: <19991202052242.C7470@grok.localnet> References: <19991202032121.A7470@grok.localnet> <67349.944133898@axl.noc.iafrica.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <67349.944133898@axl.noc.iafrica.com>; from Sheldon Hearn on Thu, Dec 02, 1999 at 01:24:58PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Dec 02, 1999 at 01:24:58PM +0200, Sheldon Hearn wrote: > If you're not going to badger a port's maintainer until he/she does > something, you're unlikely to get results out of a single request. > That's why the PR system is good. The PR sits there pissing us off > until someone does something about it. :-) In my case I don't think it would've made a difference. Something _was_ done about it, but it was a halfway job. If it had been reported via a PR the PR would probably have been closed. I also didn't initally know if it was a FreeBSD problem or a [program in question] problem. I wanted to send to the program maintainer and the port maintainer just to be sure. I regret not cc'ing security-officer@freebsd.org; I remembered to do that this time. Like it or not email is a more-or-less universal form of communication. Send-pr is not. If the software maintainers can't deal with security issues sent in email form, that's a problem. And it's a problem not shared by the folks on Bugtraq. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message