Date: Tue, 25 Jun 2002 00:25:47 -0400 (EDT)
From: Jason Hunt <jhunt@lynden.on.ca>
To: freebsd-security@FreeBSD.ORG
Cc: Theo de Raadt <deraadt@cvs.openbsd.org>, Sean Kelly <smkelly@zombie.org>, Ted Cabeen <secabeen@pobox.com>, "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
Subject: Re: Hogwash
Message-ID: <20020625000308.S61629-100000@lethargic.dyndns.org>
In-Reply-To: <200206250332.g5P3WQLJ024062@cvs.openbsd.org>

On Mon, 24 Jun 2002, Theo de Raadt wrote:

> This one is clearly different. We have a tool which can avoid people being
> holed, without having to publish a patch.
>
> If you don't understand that, please go back and study the situation more.
>
> By holding this information back for a few more days, we are
> permitting a very important protocol to be upgraded in an immune way,
> OR YOU CAN TURN IT OFF NOW.
>

By "tool", you mean a workaround, correct? Does this exception to full disclosures include all rootable exploits? Is it to be implied that a full disclosure becomes a reality once a patch is available?

I for one respect what Theo does, but this whole thing seems kind of hypocritical. Then again, everyone is once in a while. So be it.

Also, this talk of a trojan horse or whatever sounds like "hogwash". From what I've seen, I think people are getting "scared" into upgrading and using privsep. That's not necessarily a bad thing, it just seems kind of silly that people have to be scared in order to take security seriously.

My two cents.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message