From owner-freebsd-security Mon Jul 20 16:40:37 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA17850 for freebsd-security-outgoing; Mon, 20 Jul 1998 16:40:37 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pobox.com (lafra-81.mdm.mke.execpc.com [169.207.80.209]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA17702 for ; Mon, 20 Jul 1998 16:40:04 -0700 (PDT) (envelope-from hamilton@pobox.com) Message-Id: <199807202340.QAA17702@hub.freebsd.org> Received: (qmail 26832 invoked from network); 20 Jul 1998 18:41:44 -0500 Received: from localhost (HELO pobox.com) (127.0.0.1) by localhost with SMTP; 20 Jul 1998 18:41:44 -0500 To: "Matthew N. Dodd" Cc: security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? In-reply-to: Your message of "Mon, 20 Jul 1998 17:40:35 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 20 Jul 1998 18:41:44 -0500 From: Jon Hamilton Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , "Matthe w N. Dodd" wrote: } } This sort of thing tends to go over poorly at security audits and with } people who's heads are on the line when things break. } } I'm not willing to trust a 3rd party with that level of control of my } system. Right. } Nobody should be that trusting. Wrong. Not everybody's environment looks like yours; there are undoubtedly people for whom this would be a very good idea. } Just think of what would happen if the update process was compromised. That's less catastrophic some places than others. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message