Date: Sun, 07 Oct 2001 01:13:57 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Kris Kennaway <kris@obsecurity.org>, Nate Williams <nate@yogotech.com>, Lyndon Nerenberg <lyndon@atg.aciworldwide.com>, Bernd Walter <ticso@mail.cicely.de>, current@FreeBSD.ORG Subject: Re: PATCHES for Kris Kennaway to commit Message-ID: <3BC00EC5.F0326FBE@mindspring.com> References: <44013.1002412762@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Sheldon Hearn wrote: > The change is not undefended. It's been made very clear from the > beginning that the security officer team sees the UUCP software as a > security liability, and would like the software "relegated" to ports so > as to limit the impact of vulnerabilities. The specific problem is the "--config" vulnerability noted on BugTraq, which ios easily fixed by "#ifdef'ing" it out. I understand that there have been a lot of bugs that have been listed as "FreeBSD bugs", when they were really software from third parties, but that's really no reason to be so hypersensitive about the distinction that FreeBSD becomes nothing more than the kernel and perl. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BC00EC5.F0326FBE>