From owner-freebsd-security  Thu Nov  5 10:22:17 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA10126
          for freebsd-security-outgoing; Thu, 5 Nov 1998 10:22:17 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from infowest.com (ns1.infowest.com [204.17.177.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA10120
          for <security@freebsd.org>; Thu, 5 Nov 1998 10:22:15 -0800 (PST)
          (envelope-from agifford@infowest.com)
Received: from infowest.com (eq.net [207.49.60.250])
	by infowest.com (8.8.8/8.8.8) with ESMTP id LAA20326
	for <security@freebsd.org>; Thu, 5 Nov 1998 11:22:04 -0700 (MST)
Message-ID: <3641ECC1.772D9737@infowest.com>
Date: Thu, 05 Nov 1998 11:21:53 -0700
From: "Aaron D. Gifford" <agifford@infowest.com>
X-Mailer: Mozilla 4.07 [en] (X11; I; FreeBSD 2.2.7-STABLE i386)
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:08.fragment
References: <16481.910223203@time.cdrom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jordan K. Hubbard wrote:
> 
> > I read the advisory. Often, problems cover other versions as
> > well as the one(s) mentioned. And, since I'm paranoid, I
> 
> Security advisories are generally very careful to mention *every*
> version covered, an advisory having little value if this piece of
> information is not accurate.  It also avoids a flood of unnecessary
> "is my release affected?!" messages. :-)
> 
> - Jordan
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

However, if you TRULY wanted to avoid an "is my release affected?"
posts, an additional line in the advisory saying something like
"Versions 2.2.7 and 2.2.7-STABLE as of <date> are not affected." would
be handy to see in the advisory as well, since the 2.2.7 line is still
viable and popular.  I can understand the problem that would be involved
if one tried to mention EVERY version NOT affected (which would be
ridiculous), but a single line mentioning viable release versions NOT
affected would be nice.

Aaron out.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message