From owner-freebsd-security  Mon Jul 20 19:57:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA23734
          for freebsd-security-outgoing; Mon, 20 Jul 1998 19:57:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA23726
          for <security@FreeBSD.ORG>; Mon, 20 Jul 1998 19:57:40 -0700 (PDT)
          (envelope-from brett@lariat.org)
Received: (from brett@localhost)
	by lariat.lariat.org (8.8.8/8.8.8) id UAA00240;
	Mon, 20 Jul 1998 20:57:07 -0600 (MDT)
Message-Id: <199807210257.UAA00240@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 
Date: Mon, 20 Jul 1998 20:57:03 -0600
To: Andrew Kenneth Milton <akm@zeus.theinternet.com.au>
From: Brett Glass <brett@lariat.org>
Subject: Re: Why is there no info on the QPOPPER hack?
Cc: petrilli@dworkin.amber.org, gbieker@crown.NET, security@FreeBSD.ORG
In-Reply-To: <199807211041.KAA26950@zeus.theinternet.com.au>
References: <199807201845.MAA21839@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:41 AM 7/21/98 +0000, Andrew Kenneth Milton wrote:

>So fix it.
>
>If you can't fix it, wait for it to be fixed.
>If you can't wait for it to be fixed either change to a different
>vendor implementation or shut down.

Possibly. But in this case, by the time I found out about the problem,
someone else could already have fixed it and it could have been installed
automatically on the system. Why re-implement the wheel or duplicate
another's effort?

>While these choice might be inconvenient, they are all you have.

The point is that they're not. It'd be nice to get an automatic update
that closes the hole. I might create the new version sometimes, but
there's no reason for each person to do it every time.

>If you want to whinge about lack of support/features, buy support
>or buy a commercial OS (which almost certainly guarantees slower
>response time, but, at least someone there will listen to you
>whinge.)

Well, the first thing I might "whinge" about is your spelling. But
after I get through ribbing you about that, I'll continue to mount an
effort to come up with a more sensible solution than trying to close
every security hole myself, thank you.

>And BTW C doesn't kill people, C Programmers kill people.

In either case, the solution is to fix C or move to something else.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message