Date: Mon, 20 Mar 2000 20:33:48 -0500
From: Mike Tancsa <mike@sentex.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: ports security advisories..
Message-ID: <4.2.2.20000320202203.03826c60@mail.sentex.net>
In-Reply-To: <20000321071528.B5AB41CC9@overcee.netplex.com.au>
References: <Message from Dave McKay <dave@mu.org> <20000320154614.A63670@elvis.mu.org>

At 11:15 PM 3/20/2000 -0800, Peter Wemm wrote:
>Dave McKay wrote:
>
> > Is it really necessary to post the ports security advisories?
> > The exploitable programs are not part of the FreeBSD OS, they
> > are third party software. I think the proper place for these
> > is the Bugtraq mailing list on securityfocus.com. Also to add
> > to the arguments, most of the advisories are not FreeBSD
> > specific.
>
>Sadly yes, it seems it is. If we get in first, we get to remind people
>that it's not a standard part of FreeBSD etc. Otherwise people post on
>bugtraq "security hole in FreeBSD, no public response after a week" style
>things which do not look good at all. Doing it this way is a bit
>irritating but is the least evil of the alternatives.

I think it's a great and valuable service. There are times when even bugtraq can be a bit late. Furthermore, new users often do not know that the ports are something separate from FreeBSD. As PW said, it gives an opportunity to be proactive and give the SA a proper context.

Also, a little repetition here I think is a good thing. There are way too many machines out on the net that are insecure and open to abuse. Getting a potentially important security advisory twice (or even 3 times) is not going to kill anyone and might cajole a few more people to deal with the issue.

Besides, the Ports SAs so far have been concise, to the point and always potentially relevant. Although the bugtraq guy does a pretty good job of moderating the list, there can be too much "I just got scanned, what does it mean???".

I think the Ports Security Officer should be congratulated for taking on such a large and valuable job! Way to go PSO!

---Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message