From owner-freebsd-security  Mon Jul 17 10:20:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
	by hub.freebsd.org (Postfix) with ESMTP id EF76037BA9F
	for <security@FreeBSD.ORG>; Mon, 17 Jul 2000 10:20:04 -0700 (PDT)
	(envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost)
	by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id TAA59097;
	Mon, 17 Jul 2000 19:19:54 +0200 (EET)
	(envelope-from narvi@haldjas.folklore.ee)
Date: Mon, 17 Jul 2000 19:19:54 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Justin Wolf <jjwolf@bleeding.com>
Cc: security@FreeBSD.ORG
Subject: Re: Displacement of Blame[tm]
In-Reply-To: <Pine.BSF.4.21.0007131553420.38638-100000@neo.bleeding.com>
Message-ID: <Pine.BSF.3.96.1000717191721.70622K-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 13 Jul 2000, Justin Wolf wrote:

> > 1.  The method that the person recieves the at risk program is from
> > FreeBSD.  IE: I installed it from the ports collection.  While the
> > software it's self is not developed by FreeBSD, the distribution
> > method is.  I imagine this is something similar to Toys'R'Us removing
> > a dangerous toy from their shelves and telling the whole world about
> > it.  Toys'R'us didn't make they toy, but there are responsible for
> > making it available to the portion of the public that shops there.
> 
> Everyone know's Toys 'R' Us doesn't make toys, so it can be assumed it's
> not their fault the toy was dangerous.  FBSD does, however, make
> software.  So the distinction is a little more blurred (nevermind the
> fact that FBSD is an OS and the ports are applications... this is a little
> too gray of an area for most users - I know some people who think Word is
> an OS).
> 

I'm sure Toys'R'Us doesn't stand a chance in a court if a child chokes on
details of a toy bought from Toys'R'Us and it did not have the "Not
suitable for children under X years" sign. 

Not giving out the ports advisories would be extremely bad perfomance -
and I really doubt that's what is in question.

> 
> -Justin
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message