Date: Thu, 13 Jul 2000 16:17:42 -0400 (EDT) From: Matt Heckaman <matt@ARPA.MAIL.NET> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Two kinds of advisories? Message-ID: <Pine.BSF.4.21.0007131615460.68096-100000@epsilon.lucida.qc.ca> In-Reply-To: <4.3.2.7.2.20000713140559.04b7aec0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 13 Jul 2000, Brett Glass wrote: ... : Yep. You get tons of hits. A recent article also overestimated the : number of security problems in FreeBSD because the person who compiled : the statistics used message headers from Bugtraq and didn't cull the : problems which were due to ports. Exactly. The 'local root' exploits to applications that aren't set-uid root is another matter as well :) : One way to deal with this problem would be to remove the name FreeBSD : from the header altogether, labeling the effort to report bugs in ports : with some other name. Other ideas? Well, I don't know how this would play out, but I like your example for the header, perhaps it wouldn't be a bad idea to do something like: PORTS-SA:00:XX or whatnot. Keep the FreeBSD and Ports announcements strictly seperate like that might not be a bad idea. : --Brett * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5biPndMMtMcA1U5ARAmTkAJoDDhkhp/4g28HC4NFDLmWjYllgKACePQJM CEPuWkjOkrlGeq13ILey+QQ= =sNq0 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007131615460.68096-100000>