Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Jul 2000 14:21:58 -0600 (MDT)
From:      "Jumpin' Joe Schroedl" <joe@ns1.uscreativetypes.com>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        Brett Glass <brett@lariat.org>, Susie Ward <sward@voltage.net>, security@FreeBSD.ORG
Subject:   Re: Two kinds of advisories?
Message-ID:  <Pine.BSF.4.21.0007131418330.33508-100000@localhost>
In-Reply-To: <Pine.BSF.4.21.0007131331420.71441-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
All:

How 'bout:

"Security Advisory: Wu-ftpd (FreeBSD Ports Collection) SA-00:29"

This just makes it less clumsy.

Joe

On Thu, 13 Jul 2000, Kris Kennaway wrote:

> On Thu, 13 Jul 2000, Brett Glass wrote:
> 
> > At 01:08 PM 7/13/2000, Susie Ward wrote:
> > 
> > >If they don't understand it, then maybe you shouldn't be encouraging them to join bugtraq, but I am curious what you'd like to see the subject lines say?
> > 
> > I think it would help if they listed the name of the PORT first, and
> > then mentioned something about the FreeBSD security team or port
> > maintainers finding the problem.
> 
> So, something like:
> 
> "Wu-ftpd: SA-00:29 FreeBSD Ports Collection Security Advisory"?
> 
> Apart from the clumsiness of the above sentence, the most important part
> (the first word) is the name of the vulnerable software, and the fact that
> it's an optional component of FreeBSD is relegated to a position somewhere
> in the middle. IMO, this is *worse* for getting the point across that it's
> not a FreeBSD system advisory, which is clearly the more important aim.
> 
> Your two goals for juggling the topic (#1 - the desire for your clients to
> know whether their system is vulnerable, and #2 - the desire to have the
> "FreeBSD Ports" bit prominent) - seem to be mutually exclusive. In fact,
> it doesn't seem to help at all if your clients aren't bright enough to
> know whether or not they're using wu-ftpd in the first place, as you
> suggested.
> 
> Do you have a better suggestion?
> 
> Kris
> 
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007131418330.33508-100000>