Date: Thu, 2 Dec 1999 13:32:31 -0500 (EST) From: andrewr <andrewr@slack.net> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: Sheldon Hearn <sheldonh@uunet.co.za>, Steve Reid <sreid@sea-to-sky.net>, Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG, Jordan Hubbard <jkh@FreeBSD.ORG> Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] Message-ID: <Pine.BSO.4.10.9912021329020.21237-100000@schwing.slack.net> In-Reply-To: <87169.944159368@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Well, let me just add something to this, and that's that if you > also can't get reasonable satisfaction out of a maintainer, move > up the "chain of authority" and talk to the ports team and/or > Satoshi Asami about it. If that still doesn't net you results, > appeal to core. The buck will eventually stop somewhere. :) > Wouldn't it be a better idea to just plainly make an easy way to report a hole? Someone who is trying to report a hole will just plain get pissed off if they have to keep going to some one else.. and they say "oh, well, whatever" or "go to him and talk to him" etc... I just think it's smart to put in place a specific group or person or email alias _specifically_ for the purpose of handling this type of situation (security hole? don't know who to report it to? the security grooup knows, talk to them.. and they will handle the contact for you). Again, I ask, is this feasible? Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.10.9912021329020.21237-100000>