Date: Thu, 13 Jul 2000 14:21:58 -0600 (MDT) From: "Jumpin' Joe Schroedl" <joe@ns1.uscreativetypes.com> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Brett Glass <brett@lariat.org>, Susie Ward <sward@voltage.net>, security@FreeBSD.ORG Subject: Re: Two kinds of advisories? Message-ID: <Pine.BSF.4.21.0007131418330.33508-100000@localhost> In-Reply-To: <Pine.BSF.4.21.0007131331420.71441-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
All: How 'bout: "Security Advisory: Wu-ftpd (FreeBSD Ports Collection) SA-00:29" This just makes it less clumsy. Joe On Thu, 13 Jul 2000, Kris Kennaway wrote: > On Thu, 13 Jul 2000, Brett Glass wrote: > > > At 01:08 PM 7/13/2000, Susie Ward wrote: > > > > >If they don't understand it, then maybe you shouldn't be encouraging them to join bugtraq, but I am curious what you'd like to see the subject lines say? > > > > I think it would help if they listed the name of the PORT first, and > > then mentioned something about the FreeBSD security team or port > > maintainers finding the problem. > > So, something like: > > "Wu-ftpd: SA-00:29 FreeBSD Ports Collection Security Advisory"? > > Apart from the clumsiness of the above sentence, the most important part > (the first word) is the name of the vulnerable software, and the fact that > it's an optional component of FreeBSD is relegated to a position somewhere > in the middle. IMO, this is *worse* for getting the point across that it's > not a FreeBSD system advisory, which is clearly the more important aim. > > Your two goals for juggling the topic (#1 - the desire for your clients to > know whether their system is vulnerable, and #2 - the desire to have the > "FreeBSD Ports" bit prominent) - seem to be mutually exclusive. In fact, > it doesn't seem to help at all if your clients aren't bright enough to > know whether or not they're using wu-ftpd in the first place, as you > suggested. > > Do you have a better suggestion? > > Kris > > -- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe <forsythe@alum.mit.edu> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007131418330.33508-100000>