Date: Thu, 5 Nov 1998 17:34:04 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: "Aaron D. Gifford" <agifford@infowest.com>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-98:08.fragment Message-ID: <v04011706b267d716ad0b@[128.113.24.47]> In-Reply-To: <3641ECC1.772D9737@infowest.com> References: <16481.910223203@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:21 AM -0700 11/5/98, Aaron D. Gifford wrote: >Jordan K. Hubbard wrote: >> >> Security advisories are generally very careful to mention *every* >> version covered, an advisory having little value if this piece of >> information is not accurate. It also avoids a flood of unnecessary >> "is my release affected?!" messages. :-) >> >> - Jordan > > > However, if you TRULY wanted to avoid an "is my release affected?" > posts, an additional line in the advisory saying something like > "Versions 2.2.7 and 2.2.7-STABLE as of <date> are not affected." > would be handy to see in the advisory as well, since the 2.2.7 > line is still viable and popular. At which point, 2.2.6 users will immediately say "Hey! You explicitly mentioned that 2.2.7 is not effected, but you didn't say anything about 2.2.6. Does that mean I have to upgrade?" Perhaps the notice could be a bit more clear with a generic "no other versions are effected", but I think it will be even more confusing if the notice explicitly mentions one version which is not effected, but doesn't mention other ones which are also not effected. --- Garance Alistair Drosehn = gad@eclipse.its.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04011706b267d716ad0b>