Date: Mon, 03 Feb 1997 13:31:53 +0100
From: Poul-Henning Kamp <phk@critter.dk.tfs.com>
To: tqbf@enteract.com
Cc: dg@root.com, torbjorn@norway.eu.net, freebsd-security@FreeBSD.ORG
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <748.854973113@critter.dk.tfs.com>
In-Reply-To: Your message of "Mon, 03 Feb 1997 05:37:28 CST." <199702031138.FAA21844@enteract.com>

In message <199702031138.FAA21844@enteract.com>, "Thomas H. Ptacek" writes:
>I do have a general problem with a lack of announcement from the
>FreeBSD team about problems (as they're found), [...]

Well, it is to some extent a conflict of interest thing.

If I find a problem in some code, which I have not heard about
anywhere else, I usually commit it with a rather toned down commit
message. There is no reason to provide free munitions to criminals.

On the other hand, vulnerabilities that have been announced publicly
we answer publicly with the relevant information.

We could of course loudly praise our own genius and tell the world
every time we fix a problem, but we would essentially sell all of
our users every time we did so.

No easy solution I'm afraid.

--
Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.