Date: Tue, 21 Jul 1998 12:24:50 -0600 From: Brett Glass <brett@lariat.org> To: Jon Hamilton <hamilton@pobox.com> Cc: security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <199807211824.MAA14302@lariat.lariat.org> In-Reply-To: <199807210332.VAA00941@lariat.lariat.org> References: <Your message of "Mon, 20 Jul 1998 21:11:01 MDT." <199807210311.VAA00475@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:34 PM 7/20/98 -0500, Jon Hamilton wrote: >The sky is falling! Where is that warranty? Oh, that's right, there isn't >one. The people who are responsible for keeping those machines safe are >just going to have to be responsible for keeping them safe, I guess. And every one of them will respond instantly to every security advisory, so no crackers will ever get in. Nice fantasy. >True, but how often do we see problems where "-current won't compile" or >where patches went in which were unchecked or otherwise caused problems? >You're talking about a volunteer effort, and I just don't see you getting >the kind of rigor out of it that you'd need for something like you're >suggesting. This is not meant to denigrate the effort any of the >maintainers put in - I am arguing that it's not reasonable to expect such >a level of effort from them, and if not them, then who? A security team formed for that purpose. A group of people who DO hang on ever Bugtraq message (if not individually, then collectively). As for "-current won't compile" problems -- they're unlikely to occur because the patches will likely be to small bits of the OS. >Wave your hands some more. Are you _really_ sure that you trust your >local copy of pgp (or whatever other method you want to use)? As much as I trust CVSupping to close a hole. And, yes, I do place a high level of trust in strong crypto. As must all of us. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807211824.MAA14302>