Date: Fri, 17 Jan 2003 14:48:53 -0800 From: "Bruce A. Mah" <bmah@FreeBSD.org> To: Alfred Perlstein <bright@mu.org> Cc: Gregory Sutter <gsutter@zer0.org>, Juli Mallett <jmallett@FreeBSD.org>, Nate Lawson <nate@root.org>, Martin Blapp <mb@imp.ch>, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com Message-ID: <200301172248.h0HMmrkC092859@intruder.bmah.org> In-Reply-To: <20030117221141.GT33821@elvis.mu.org> References: <20030116185752.L98919@levais.imp.ch> <Pine.BSF.4.21.0301161015050.46845-100000@root.org> <20030116185115.GQ33821@elvis.mu.org> <20030117215606.GA29071@klapaucius.zer0.org> <20030117140254.A96500@FreeBSD.org> <20030117220937.GV2964@klapaucius.zer0.org> <20030117221141.GT33821@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1950045305P Content-Type: text/plain; charset=us-ascii If memory serves me right, Alfred Perlstein wrote: > * Gregory Sutter <gsutter@zer0.org> [030117 14:09] wrote: > > > > Ah, right. An immediate message to developers and later forced > > commit. Somehow I misread that the first time such that both the > > message and the forced commit would come only after the public > > release of security information. Sorry. > > > > What do you think of codifying the situation in the Committer's Guide? > > I think it's a great idea, when will you be done? :) It sounds to me like you (pl.) are advocating early disclosure of security vulnerability information to a set of several hundred people, at a time when generally, only a handful of people have need-to-know. (In case it's not clear, this idea scares me greatly.) Bruce. --==_Exmh_1950045305P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) Comment: Exmh version 2.5+ 20020506 iD8DBQE+KIhV2MoxcVugUsMRArbCAKChhMN4zxD8hrZ47p3Lfib4CiIoBgCePD6G zHAEaHcqTkgrn6T4lnaaAug= =D8RO -----END PGP SIGNATURE----- --==_Exmh_1950045305P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301172248.h0HMmrkC092859>