From owner-freebsd-security Sun Sep 5 19:33:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id D80041575A for ; Sun, 5 Sep 1999 19:33:16 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA33056; Sun, 5 Sep 1999 20:32:56 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA01466; Sun, 5 Sep 1999 20:32:03 -0600 (MDT) Message-Id: <199909060232.UAA01466@harmony.village.org> To: "Jordan K. Hubbard" Subject: Re: Security Alerts Cc: spork , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Fri, 03 Sep 1999 16:36:39 PDT." <67508.936401799@localhost> References: <67508.936401799@localhost> Date: Sun, 05 Sep 1999 20:32:03 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <67508.936401799@localhost> "Jordan K. Hubbard" writes: : More than actually generating advisories, something which our security : officers do a pretty reasonable job on, what we *really* need is : someone to test the existing advisories/random reports/etc and figure : out which exploits or DoS attacks are actually genuine. Quite a bit : of stuff gets sent to the security list and quite a bit of it often : has no applicability whatsoever to FreeBSD, leading to a situation : where security officers put it on the "test this at some point" pile : and that pile can get pretty deep. When faced with a "this has been : tested and the following releases of FreeBSD are vulnerable" sort of : message, however, they know that it's clearly a matter for immediate : attention and it gets "escallated" quite a bit. Yes. This is true. The "it might be a problem" messages tend to take too long, especially when it impacts -stable and not -current. I test as many of them as I can on FreeBSD-current, but testing them on -stable is much harder for me to do. Things have also been clogged up for me of late due to a variety of reasons which I've taken care of. The rest of the security backlog should be finished up this weekend... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message