Date: Wed, 01 Dec 1999 09:26:26 -0700 From: Warner Losh <imp@village.org> To: Brad Knowles <blk@skynet.be> Cc: tstromberg@rtci.com, freebsd-audit@FreeBSD.ORG Subject: Re: Where to start? Heres a few overflows. Message-ID: <199912011626.JAA02551@harmony.village.org> In-Reply-To: Your message of "Wed, 01 Dec 1999 17:22:27 %2B0100." <v04205513b46afa98c429@[195.238.21.204]> References: <v04205513b46afa98c429@[195.238.21.204]> <384527B9.3A3E3C41@rtci.com> <38445A6A.50245AF5@rtci.com> <199911302322.QAA05983@harmony.village.org> <199912011609.JAA02320@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <v04205513b46afa98c429@[195.238.21.204]> Brad Knowles writes: : As I recall, one of the goals that OpenBSD used in their audit : process was that they fixed bugs wherever they ran across them, : regardless of whether they believed they were exploitable. This has : protected them against a number of exploits that have since become : known, since the bug that someone is trying to exploit simply no : longer exists under OpenBSD. : : Do we not want to employ the same kind of methodology, or have I : missed something here? Yes, we do, but we don't want to put everything into stable on an expitited basis unless there is a compelling reason to expitite the change. We do want to merge these changes into stable when they have stood the test of time in -current first. That's my only point here. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912011626.JAA02551>