From owner-freebsd-security Thu Jul 13 13:17:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6])
        by hub.freebsd.org (Postfix) with SMTP id 642A437C5D8
        for ; Thu, 13 Jul 2000 13:17:44 -0700 (PDT)
        (envelope-from matt@ARPA.MAIL.NET)
Received: (qmail 68125 invoked by uid 1000); 13 Jul 2000 20:17:43 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
        by localhost with SMTP; 13 Jul 2000 20:17:43 -0000
Date: Thu, 13 Jul 2000 16:17:42 -0400 (EDT)
From: Matt Heckaman
X-Sender: matt@epsilon.lucida.qc.ca
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Two kinds of advisories?
In-Reply-To: <4.3.2.7.2.20000713140559.04b7aec0@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: localhost 1.6.2 0/1000/N
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 13 Jul 2000, Brett Glass wrote:
...
: Yep. You get tons of hits. A recent article also overestimated the
: number of security problems in FreeBSD because the person who compiled
: the statistics used message headers from Bugtraq and didn't cull the
: problems which were due to ports.

Exactly. The 'local root' exploits to applications that aren't set-uid
root is another matter as well :)

: One way to deal with this problem would be to remove the name FreeBSD
: from the header altogether, labeling the effort to report bugs in ports
: with some other name. Other ideas?

Well, I don't know how this would play out, but I like your example for
the header, perhaps it wouldn't be a bad idea to do something like:

PORTS-SA:00:XX or whatnot. Keeping the FreeBSD and Ports announcements
strictly separate like that might not be a bad idea.

: --Brett

* Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE5biPndMMtMcA1U5ARAmTkAJoDDhkhp/4g28HC4NFDLmWjYllgKACePQJM
CEPuWkjOkrlGeq13ILey+QQ=
=sNq0
-----END PGP SIGNATURE-----