From owner-freebsd-security Mon Jun 24 19:47:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) by hub.freebsd.org (Postfix) with ESMTP id 3CBA737B401; Mon, 24 Jun 2002 19:47:36 -0700 (PDT) Received: from cvs.openbsd.org (deraadt@localhost [127.0.0.1]) by cvs.openbsd.org (8.12.4/8.12.1) with ESMTP id g5P2mJLJ031907; Mon, 24 Jun 2002 20:48:19 -0600 (MDT) Message-Id: <200206250248.g5P2mJLJ031907@cvs.openbsd.org> To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Hogwash In-reply-to: Your message of "Mon, 24 Jun 2002 21:44:01 CDT." <20020625024401.GB43738@madman.nectar.cc> Date: Mon, 24 Jun 2002 20:48:19 -0600 From: Theo de Raadt Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > On Mon, Jun 24, 2002 at 07:11:30PM -0600, Theo de Raadt wrote: > > > I'd > > > rather we had the information now to make wise choices about what to > > > do with deployed systems, custom hacks, and older-but-still-supported > > > releases --- knowing there is a possibility for `leakage' that grows > > > with time. > > > > Ask your vendor. > > I _am_ the vendor. And you have been told how to immunize. You are not being told more. Nor are IBM, Apple, HP, SGI, Sun, any of the Linux distributions, the other BSD's, or any of the other misc embedded systems that use the code. But they are all being told how to immunize. If it works, it works. But I am not telling 30 people. Someone in FreeBSD please explain this to him. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message