Date:      Fri, 17 Jan 2003 15:56:05 -0800
From:      Juli Mallett <jmallett@FreeBSD.org>
To:        "Bruce A. Mah" <bmah@FreeBSD.org>
Cc:        Alfred Perlstein <bright@mu.org>, Gregory Sutter <gsutter@zer0.org>, Nate Lawson <nate@root.org>, Martin Blapp <mb@imp.ch>, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com
Message-ID:  <20030117155605.A4640@FreeBSD.org>
In-Reply-To: <200301172248.h0HMmrkC092859@intruder.bmah.org>; from bmah@FreeBSD.org on Fri, Jan 17, 2003 at 02:48:53PM -0800
References:  <20030116185752.L98919@levais.imp.ch> <Pine.BSF.4.21.0301161015050.46845-100000@root.org> <20030116185115.GQ33821@elvis.mu.org> <20030117215606.GA29071@klapaucius.zer0.org> <20030117140254.A96500@FreeBSD.org> <20030117220937.GV2964@klapaucius.zer0.org> <20030117221141.GT33821@elvis.mu.org> <200301172248.h0HMmrkC092859@intruder.bmah.org>

* From: "Bruce A. Mah" <bmah@FreeBSD.org> [ Date: 2003-01-17 ]
	[ Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_
> If memory serves me right, Alfred Perlstein wrote:
> > * Gregory Sutter <gsutter@zer0.org> [030117 14:09] wrote:
> > > 
> > > Ah, right.  An immediate message to developers and later forced
> > > commit.  Somehow I misread that the first time such that both the
> > > message and the forced commit would come only after the public
> > > release of security information.  Sorry.
> > > 
> > > What do you think of codifying the situation in the Committer's Guide?
> > 
> > I think it's a great idea, when will you be done? :)
> 
> It sounds to me like you (pl.) are advocating early disclosure of
> security vulnerability information to a set of several hundred people, 
> at a time when generally, only a handful of people have need-to-know.
> 
> (In case it's not clear, this idea scares me greatly.)

We just need to know that there *is* a security-related aspect to what
has been committed, and that we should await further info.
-- 
Juli Mallett <jmallett@FreeBSD.org>
AIM: BSDFlata -- IRC: juli on EFnet.
OpenDarwin, Mono, FreeBSD Developer.
ircd-hybrid Developer, EFnet addict.
FreeBSD on MIPS-Anything on FreeBSD.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message



