Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Jul 2000 13:38:27 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Brett Glass <brett@lariat.org>
Cc:        Susie Ward <sward@voltage.net>, security@FreeBSD.ORG
Subject:   Re: Two kinds of advisories?
Message-ID:  <Pine.BSF.4.21.0007131331420.71441-100000@freefall.freebsd.org>
In-Reply-To: <4.3.2.7.2.20000713132400.04b73af0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 13 Jul 2000, Brett Glass wrote:

> At 01:08 PM 7/13/2000, Susie Ward wrote:
> 
> >If they don't understand it, then maybe you shouldn't be encouraging them to join bugtraq, but I am curious what you'd like to see the subject lines say?
> 
> I think it would help if they listed the name of the PORT first, and
> then mentioned something about the FreeBSD security team or port
> maintainers finding the problem.

So, something like:

"Wu-ftpd: SA-00:29 FreeBSD Ports Collection Security Advisory"?

Apart from the clumsiness of the above sentence, the most important part
(the first word) is the name of the vulnerable software, and the fact that
it's an optional component of FreeBSD is relegated to a position somewhere
in the middle. IMO, this is *worse* for getting the point across that it's
not a FreeBSD system advisory, which is clearly the more important aim.

Your two goals for juggling the topic (#1 - the desire for your clients to
know whether their system is vulnerable, and #2 - the desire to have the
"FreeBSD Ports" bit prominent) - seem to be mutually exclusive. In fact,
it doesn't seem to help at all if your clients aren't bright enough to
know whether or not they're using wu-ftpd in the first place, as you
suggested.

Do you have a better suggestion?

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007131331420.71441-100000>