From owner-cvs-all  Fri Jan 17 18:49:41 2003
Delivered-To: cvs-all@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 931)
	id 9BE3237B401; Fri, 17 Jan 2003 18:49:40 -0800 (PST)
Date: Fri, 17 Jan 2003 18:49:40 -0800
From: Juli Mallett <jmallett@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: "Bruce A. Mah" <bmah@FreeBSD.org>,
	Alfred Perlstein <bright@mu.org>, Gregory Sutter <gsutter@zer0.org>,
	Nate Lawson <nate@root.org>, Martin Blapp <mb@imp.ch>,
	cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com
Message-ID: <20030117184940.A13960@FreeBSD.org>
References: <20030117155605.A4640@FreeBSD.org> <Pine.NEB.3.96L.1030117201712.57637A-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <Pine.NEB.3.96L.1030117201712.57637A-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Fri, Jan 17, 2003 at 08:20:04PM -0500
Organisation: The FreeBSD Project <http://FreeBSD.org>
X-Alternate-Addresses: <jmallett@NewGold.NET>, <jmallett@xMach.org>, <juli@jerkcity.com>, <flata@toxic.magnesium.net>, <jmallett@OpenDarwin.org>
X-Towel: Yes
X-LiveJournal: flata, jmallett
X-Negacore: Yes
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

* De: Robert Watson <rwatson@FreeBSD.org> [ Data: 2003-01-17 ]
	[ Subjecte: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_sv
> 
> On Fri, 17 Jan 2003, Juli Mallett wrote:
> 
> > We just need to know that there *is* a security-related aspect to what
> > has been committed, and that we should await further info. 
> 
> You may feel that way, but you'd be wrong.  We receive advance information
> on vulnerabilities only under very specific conditions, and those
> conditions frequently don't including telling Juli about unannounced
> vulnerabilities in hundreds of thousands of machines.  Handling of
> security vulnerabilities is one of the more interesting sets of conflicts
> open source systems have to deal with by nature.  Let's not make it any
> harder than it already is.

Fair enough.  I eventually realised it's impossible to have such a system in
place.  It just sounded like it might be helpful for inter-project communication
at the time.  My use of the word need there was in "in the context of this,
no specifics should be exchanged, but a heads up is nice."  Not as in I felt
we actually had a need to know this sort of information.

Idea discussion very seldom has to do with taking everyone's perspective into
mind, that's what the discussion is for.  Not for being right about everything
right off the bat, and some of the replies seem to forget that.
-- 
Juli Mallett <jmallett@FreeBSD.org>
AIM: BSDFlata -- IRC: juli on EFnet.
OpenDarwin, Mono, FreeBSD Developer.
ircd-hybrid Developer, EFnet addict.
FreeBSD on MIPS-Anything on FreeBSD.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message