Date: Thu, 13 Jul 2000 15:58:35 -0700 (PDT)
From: Justin Wolf <jjwolf@bleeding.com>
To: security@FreeBSD.ORG
Subject: Re: Displacement of Blame[tm]
Message-ID: <Pine.BSF.4.21.0007131553420.38638-100000@neo.bleeding.com>
In-Reply-To: <396E4712.EC5888B@owp.csus.edu>

> 1. The method that the person receives the at risk program is from
> FreeBSD. IE: I installed it from the ports collection. While the
> software itself is not developed by FreeBSD, the distribution
> method is. I imagine this is something similar to Toys'R'Us removing
> a dangerous toy from their shelves and telling the whole world about
> it. Toys'R'Us didn't make the toy, but they are responsible for
> making it available to the portion of the public that shops there.

Everyone knows Toys 'R' Us doesn't make toys, so it can be assumed it's
not their fault the toy was dangerous. FBSD does, however, make software.
So the distinction is a little more blurred (never mind the fact that FBSD
is an OS and the ports are applications... this is a little too gray of an
area for most users - I know some people who think Word is an OS).

> 2. The "why didn't I hear about this from you instead of a third
> party" case. Some people get upset if it's their uncle who tells
> them they have a security hole instead of the vendor that they got the
> OS from in the first place.

I didn't say not to send out the advisory.

> It's difficult to say if removing it altogether is really a benefit
> or not. One way to look at it is that this gives FreeBSD additional
> coverage. If someone reads that additional coverage incorrectly then
> you now have an opportunity to correct them and provide additional
> details/info about FreeBSD.

I doubt you'll find the opportunity in enough cases to make a dent. In
some cases there's no such thing as bad publicity... however, when it
comes to people's data, they get a little antsy. On a side note, I like
pointing out that 80% of the BugTraq mail is about Linux holes... but it
really depends on how much of a marketing snow job you want to pull.

-Justin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message