Date: Sun, 05 Sep 1999 20:32:03 -0600 From: Warner Losh <imp@village.org> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: spork <spork@super-g.com>, freebsd-security@FreeBSD.ORG Subject: Re: Security Alerts Message-ID: <199909060232.UAA01466@harmony.village.org> In-Reply-To: Your message of "Fri, 03 Sep 1999 16:36:39 PDT." <67508.936401799@localhost> References: <67508.936401799@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <67508.936401799@localhost> "Jordan K. Hubbard" writes: : More than actually generating advisories, something which our security : officers do a pretty reasonable job on, what we *really* need is : someone to test the existing advisories/random reports/etc and figure : out which exploits or DoS attacks are actually genuine. Quite a bit : of stuff gets sent to the security list and quite a bit of it often : has no applicability whatsoever to FreeBSD, leading to a situation : where security officers put it on the "test this at some point" pile : and that pile can get pretty deep. When faced with a "this has been : tested and the following releases of FreeBSD are vulnerable" sort of : message, however, they know that it's clearly a matter for immediate : attention and it gets "escallated" quite a bit. Yes. This is true. The "it might be a problem" messages tend to take too long, especially when it impacts -stable and not -current. I test as many of them as I can on FreeBSD-current, but testing them on -stable is much harder for me to do. Things have also been clogged up for me of late due to a variety of reasons which I've taken care of. The rest of the security backlog should be finished up this weekend... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909060232.UAA01466>