Date: Mon, 24 Jun 2002 22:55:24 -0400
From: Keith Stevenson
To: "Jacques A. Vidrine"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
Message-ID: <20020624225524.A96380@osaka.louisville.edu>

I hate to intrude on the conversation, but what is FreeBSD's official
response to this?

Posturing and full-disclosure debates aside, I'm inclined to take Theo's
warning at face value. I know better than to expect my commercial UNIX
vendor to act swiftly, but I've come to expect more from the FreeBSD
project.

If FreeBSD is going to wait until after the exploits are published, please
let us know now so I can plan appropriately.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
keith.stevenson@louisville.edu
GPG key fingerprint = 332D 97F0 6321 F00F 8EE7 2D44 00D8 F384 75BB 89AE

On Mon, Jun 24, 2002 at 09:44:01PM -0500, Jacques A. Vidrine wrote:
> On Mon, Jun 24, 2002 at 07:11:30PM -0600, Theo de Raadt wrote:
> > > I'd
> > > rather we had the information now to make wise choices about what to
> > > do with deployed systems, custom hacks, and older-but-still-supported
> > > releases --- knowing there is a possibility for `leakage' that grows
> > > with time.
> >
> > Ask your vendor.
>
> I _am_ the vendor.
> --
> Jacques A. Vidrine http://www.nectar.cc/
> NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
> jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message