From owner-freebsd-security Thu Jul 13 20:58: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 0007A37BDEC; Thu, 13 Jul 2000 20:57:55 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id XAA78420; Thu, 13 Jul 2000 23:57:52 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 13 Jul 2000 23:57:51 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Kris Kennaway Cc: Frank Tobin , security@FreeBSD.org Subject: Re: Two kinds of advisories? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 13 Jul 2000, Kris Kennaway wrote: > This is already apparent from the "FreeBSD only: NO" in most of the 33 > advisories this year, but it's not professional to name the other > platforms explicitly (besides the fact that we can't always be sure, as I > learned once the hard way when I overestimated the severity of a NetBSD > vulnerability). Absolutely. I see anything other than a claim about it being specific to us as being unprofessional. I've seen some other advisories from other groups that rashly claim things like, ``Affects all other UNIX operating systems,'' which is almost always false :-). The best we can do is declare whether or not we believe there is the potential for affecting other operating systems or not, and accept that the bug affects us. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message