From owner-freebsd-security Thu Jul 13 21: 2:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 5526A37BED2; Thu, 13 Jul 2000 21:02:55 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id WAA01638; Thu, 13 Jul 2000 22:02:47 -0600 (MDT) Message-Id: <4.3.2.7.2.20000713215913.04b6b510@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 13 Jul 2000 22:02:44 -0600 To: Robert Watson From: Brett Glass Subject: Re: Displacement of Blame[tm] Cc: Jan Koum , security@FreeBSD.ORG, Warner Losh , Kris Kennaway In-Reply-To: References: <4.3.2.7.2.20000713191253.04ba03e0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:52 PM 7/13/2000, Robert Watson wrote: >When the figures came out, a number of members of the FreeBSD development >team contacted the folks at Security Focus and met with a very positive >and understanding response. That's great! But what happens when a mainstream publication does its own survey and gets it wrong? The correction, in 8 point type on a page mostly covered with masthead information, will hardly be noticed. Revising the subject line is easy, and I think it's worth doing. I can't believe that anyone would make a fuss about it. >One aspect of security education for our users needs to be learning to >distinguish "lots of advisories" with "lots of holes". I agree! Unfortunately, Red Hat has both, and has established the impression, among many, that they correlate. I think we should keep up the advisories but make it unmistakable even to the casual reader where the hole is. Agreed? --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message