From owner-freebsd-security Thu Jul 13 13:45: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from neo.bleeding.com (neo.bleeding.com [209.10.61.250]) by hub.freebsd.org (Postfix) with ESMTP id 52BBE37C578 for ; Thu, 13 Jul 2000 13:44:57 -0700 (PDT) (envelope-from jjwolf@bleeding.com) Received: from localhost (jjwolf@localhost) by neo.bleeding.com (8.9.3/8.9.3) with ESMTP id NAA38358 for ; Thu, 13 Jul 2000 13:44:50 -0700 (PDT) Date: Thu, 13 Jul 2000 13:44:50 -0700 (PDT) From: Justin Wolf To: security@FreeBSD.ORG Subject: Displacement of Blame[tm] In-Reply-To: <4.3.2.7.2.20000713142419.04b82ce0@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Maybe I missed it in this really long thread somewhere, but why do we have to say that it concerns FreeBSD at all? If it's a bug/hole in a port, it has nothing to do with FreeBSD except for the fact that the user MAY have installed this port, which of course comes from a third party, but was compiled by the FreeBSD organization. Instead, how about just sending an email from the FreeBSD security 'organization' stating that a port has a bug/hole in it. No one assumes that CERT or BUGTRAQ have any security holes, but the products they alert about do. I think this type of advisory would provide the same information within a context that removes FreeBSD proper of having any connotation of holes itself. This also allows the complete removal of 'FreeBSD' in the subject all together. Flame on, -Justin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message