From owner-cvs-all  Fri Jan 17 17:20:17 2003
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B8ACD37B401; Fri, 17 Jan 2003 17:20:16 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 06EFD43F1E; Fri, 17 Jan 2003 17:20:16 -0800 (PST)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.6/8.12.5) with SMTP id h0I1K5P4074168;
	Fri, 17 Jan 2003 20:20:05 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 17 Jan 2003 20:20:04 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Juli Mallett <jmallett@FreeBSD.org>
Cc: "Bruce A. Mah" <bmah@FreeBSD.org>,
	Alfred Perlstein <bright@mu.org>, Gregory Sutter <gsutter@zer0.org>,
	Nate Lawson <nate@root.org>, Martin Blapp <mb@imp.ch>,
	cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com
In-Reply-To: <20030117155605.A4640@FreeBSD.org>
Message-ID: <Pine.NEB.3.96L.1030117201712.57637A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


On Fri, 17 Jan 2003, Juli Mallett wrote:

> We just need to know that there *is* a security-related aspect to what
> has been committed, and that we should await further info. 

You may feel that way, but you'd be wrong.  We receive advance information
on vulnerabilities only under very specific conditions, and those
conditions frequently don't including telling Juli about unannounced
vulnerabilities in hundreds of thousands of machines.  Handling of
security vulnerabilities is one of the more interesting sets of conflicts
open source systems have to deal with by nature.  Let's not make it any
harder than it already is.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message