Date: Fri, 03 Sep 1999 16:36:39 -0700 From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> To: spork <spork@super-g.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Alerts Message-ID: <67508.936401799@localhost> In-Reply-To: Your message of "Fri, 03 Sep 1999 13:44:42 EDT." <Pine.BSF.4.00.9909031337390.18803-100000@super-g.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> So what I'm wondering is whether the project is in need of someone to > digest, discuss, and regurgitate some of these things into security > advisories. I personally can appreciate the fact that an ordinary user or > admin might not be able to follow every bug that comes up on bugtraq or on More than actually generating advisories, something which our security officers do a pretty reasonable job on, what we *really* need is someone to test the existing advisories/random reports/etc and figure out which exploits or DoS attacks are actually genuine. Quite a bit of stuff gets sent to the security list and quite a bit of it often has no applicability whatsoever to FreeBSD, leading to a situation where security officers put it on the "test this at some point" pile and that pile can get pretty deep. When faced with a "this has been tested and the following releases of FreeBSD are vulnerable" sort of message, however, they know that it's clearly a matter for immediate attention and it gets "escallated" quite a bit. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?67508.936401799>