From owner-cvs-all Fri Jan 17 13:56: 9 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA09E37B401; Fri, 17 Jan 2003 13:56:07 -0800 (PST) Received: from mail1.zer0.org (klapaucius.zer0.org [204.152.186.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 363C643EB2; Fri, 17 Jan 2003 13:56:07 -0800 (PST) (envelope-from gsutter@zer0.org) Received: by mail1.zer0.org (Postfix, from userid 1001) id 015FB239A0B; Fri, 17 Jan 2003 13:56:06 -0800 (PST) Date: Fri, 17 Jan 2003 13:56:06 -0800 From: Gregory Sutter To: Alfred Perlstein Cc: Nate Lawson , Martin Blapp , cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com Message-ID: <20030117215606.GA29071@klapaucius.zer0.org> References: <20030116185752.L98919@levais.imp.ch> <20030116185115.GQ33821@elvis.mu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline In-Reply-To: <20030116185115.GQ33821@elvis.mu.org> Organization: Zer0 X-Purpose: For great justice! Mail-Copies-To: poster X-Message-Flag: Ditch this virus-ridden Outlook crap and get a real mailer! X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . User-Agent: Mutt/1.5.1i Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2003-01-16 10:51 -0800, Alfred Perlstein wrote: > In the light of the security issues here and request for silence > about the issue, perhaps we can post a followup to -developers after > such a commit and at a later date follow up with a forced commit > when things are "safe" to completely explain the issue. That is excellent advice on a subject that has come up before and surely will again. Perhaps it should be codified in the Committers' Guide? The only change I'll suggest is that the followup be sent to cvs-committers and cvs-all instead of developers; more than just those with CVS privileges follow the commit logs, and I'm sure all will be interested in reading the commit logs and followup messages so they can better judge their systems' vulnerability. Greg --=20 Gregory S. Sutter "Happiness isn't good enough mailto:gsutter@zer0.org for me! I demand euphoria!" http://www.zer0.org/~gsutter/ --Calvin (Bill Watterson) hkp://wwwkeys.pgp.net/0x845DFEDD --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- iD8DBQE+KHv2IBUx1YRd/t0RAnOTAJ0fohP499I2p36mVtPDtVLQxY+jVACeMfNx EyWC9ThZNYvUxkB+xlXkwtY= =iiZM -----END PGP SIGNATURE----- --DocE+STaALJfprDB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message