From owner-freebsd-security Thu Jul 13 16: 0:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from pebkac.owp.csus.edu (pebkac.owp.csus.edu [130.86.232.245]) by hub.freebsd.org (Postfix) with ESMTP id 8B8CF37B70F; Thu, 13 Jul 2000 16:00:07 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu) Received: from owp.csus.edu (mail.owp.csus.edu [130.86.232.247]) by pebkac.owp.csus.edu (8.9.3/8.9.3) with ESMTP id QAA70282; Thu, 13 Jul 2000 16:00:06 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu) Message-ID: <396E4960.B9D9B9AA@owp.csus.edu> Date: Thu, 13 Jul 2000 15:57:36 -0700 From: Joseph Scott X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Bengt Richter Cc: Robert Watson , security@FreeBSD.ORG Subject: Re: Two kinds of advisories? References: <4.3.2.7.2.20000713132400.04b73af0@localhost> <3.0.5.32.20000713141242.0093fbc0@mail.accessone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Bengt Richter wrote: > (1) How about some simple categorization in the subject line, e.g., > Subject: FreeBSD Ports(SysUtil) Security Advisory: FreeBSD-SA-00:29.wu-ftpd > vs > Subject: FreeBSD Ports(Game) Security Advisory: FreeBSD-SA-...some-game > etc. I think this idea has some possibilities. I think this would be helpful for a wider range of people than just the unclued. > (2) Also, perhaps s/Ports/Optional Port/ to reinforce the idea that ports > are not a part of FreeBSD per se (and that a particular advisory is talking > about a particular port in the singular), for the panic-prone folks described, > who don't get to the disclaimer etc. before it's too late. This idea also has some merit. The concern would be the length of the subject, making it to big will defeat the purpose. > (3) If you want to get fancy, add tagged lines in the advisory itself tailored > for automatic extraction and (safe :) use in facilitating scripted > verification > of whether the receiving system had the vulnerable software installed, > or had the problem patched and fixed. With system log entry, and optional > email emitted about the check performed. Seems like an SA-Evaluation daemon > job, > acting on emails filtered to it. This would be even more interesting, although more of a separate discussion than just what to do to make the subject line more helpful. -- Joseph Scott joseph.scott@owp.csus.edu Office Of Water Programs - CSU Sacramento To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message