From: "Bruce A. Mah"
Reply-To: bmah@FreeBSD.org
To: Alfred Perlstein
Cc: Gregory Sutter, Juli Mallett, Nate Lawson, Martin Blapp, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com
Date: Fri, 17 Jan 2003 14:48:53 -0800
Message-Id: <200301172248.h0HMmrkC092859@intruder.bmah.org>
In-Reply-To: <20030117221141.GT33821@elvis.mu.org>

If memory serves me right, Alfred Perlstein wrote:
> * Gregory Sutter [030117 14:09] wrote:
> >
> > Ah, right.  An immediate message to developers and later forced
> > commit.  Somehow I misread that the first time such that both the
> > message and the forced commit would come only after the public
> > release of security information.  Sorry.
> >
> > What do you think of codifying the situation in the Committer's Guide?
>
> I think it's a great idea, when will you be done? :)

It sounds to me like you (pl.) are advocating early disclosure of
security vulnerability information to a set of several hundred people,
at a time when generally, only a handful of people have need-to-know.

(In case it's not clear, this idea scares me greatly.)

Bruce.