From owner-freebsd-security Wed Apr 11 6:47:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from ra.upan.org (ra.upan.org [204.107.76.19]) by hub.freebsd.org (Postfix) with ESMTP id 4A14037B422 for ; Wed, 11 Apr 2001 06:47:20 -0700 (PDT) (envelope-from mikel@ra.upan.org) Received: (from mikel@localhost) by ra.upan.org (8.11.1/8.11.1) id f3BDk9l65143; Wed, 11 Apr 2001 09:46:09 -0400 (EDT) (envelope-from mikel) Date: Wed, 11 Apr 2001 09:46:09 -0400 From: Mikel King To: Michael Bryan Cc: freebsd-security@freebsd.org Subject: Re: Security Announcements? Message-ID: <20010411094609.A64571@ra.upan.org> References: <3AD33218.FE8D7ACD@ursine.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AD33218.FE8D7ACD@ursine.com>; from fbsd-secure@ursine.com on Tue, Apr 10, 2001 at 09:17:28AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Apr 10, 2001 at 09:17:28AM -0700, Michael Bryan wrote: > > What's up (or not up) with security announcements these days? > It's been some time since the NTP vulnerability came to light, > and many other affected systems/products have made their > announcements, but nothing official from FreeBSD yet. Now we > have an FTP vulnerability hitting the streets too. {SNIP} Wow this has turned into a rather long thread...Ok so I've read quite a bit of it, and what seems to be repeated over several times is that people feel like they are getting informed. I liken it to whenI get a notice from the monitor that one of my clients' T1s goes down and I start working on it pronto but fail to call the client until it's done, or worse they call me. I can't tell you how mych better they feel being called imediately just to let them know that we're on top of things. Of course this leads the question, would it be a good idea to ask the security team, to publish a list on a periodic basis that identifies each update they are working on/needs work to be done etc...I know on the one hand that I would like the extra notification and yet on the other I really don't want the script-kiddies on this list to pick up on things that the fBSD crew fix internally before anyone normally ever knows about them... Sure it would be nice to have a bin system but stable seems easy enough so until some one actually developes a better system I'll wage stable is the way to go. well that's my $0.01 cheers, mikel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message