From owner-freebsd-security Thu Jul 13 15:55:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from pebkac.owp.csus.edu (pebkac.owp.csus.edu [130.86.232.245]) by hub.freebsd.org (Postfix) with ESMTP id 1E84037B849 for ; Thu, 13 Jul 2000 15:55:15 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu) Received: from owp.csus.edu (mail.owp.csus.edu [130.86.232.247]) by pebkac.owp.csus.edu (8.9.3/8.9.3) with ESMTP id PAA70222; Thu, 13 Jul 2000 15:54:59 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu) Message-ID: <396E482C.A41CEAFF@owp.csus.edu> Date: Thu, 13 Jul 2000 15:52:29 -0700 From: Joseph Scott X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Dave McKay Cc: Brett Glass , security@FreeBSD.ORG Subject: Re: Two kinds of advisories? References: <4.3.2.7.2.20000713120631.04d53b60@localhost> <20000713155401.A91428@elvis.mu.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dave McKay wrote: > > I believe I wrote in about almost this same exact question a few months > back. Releasing all of these vulnerabilities in the name of FreeBSD has > problems. Not all people who read mailing lists have a clue, others don't > really READ the mail they recieve. Releasing all of these third party > vulnerability alerts when the product is not part of FreeBSD can become > cumbersome to the average joe reading Bugtraq. He sees all of this and > thinks, I'm not using FreeBSD, it has more bugs then a hippie's hair after > being outside for 3 weeks. Perhaps there is an opportunity here then. Time for someone to write an article about what the FreeBSD security team is doing, detailing why these advisories are going out, etc. Then submit it to some of the big names that PHBs read (ZDnet, etc). My feelings are that all of these items going out to Bugtraq are a mixed blessing. Personally, I've found them useful. I suppose that means I actually read them, at least enough to determine if I'm affected by them. > Brett Glass (brett@lariat.org) wrote: > > I've recently added some of my clients to the Bugtraq mailing list, and > > whenever a message goes out with a subject like "FreeBSD Ports Security > > Advisory: ," they think it's a security hole in FreeBSD. Of course, > > WE know it's not, but they don't understand what "FreeBSD Ports" means and > > get the wrong idea. Any ideas about how to rephrase the subject lines so > > that people who see these messages will get the right idea without knowing > > what the Ports Collection is? Perhaps if the name "FreeBSD" didn't come first? > > > > --Brett -- Joseph Scott joseph.scott@owp.csus.edu Office Of Water Programs - CSU Sacramento To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message