Date: Wed, 17 Sep 2003 20:49:01 -0700 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: bmah@freebsd.org, Nielsen <nielsen@memberwebs.com> Cc: freebsd-security@freebsd.org Subject: Re: ftp.freebsd.org out of date? (WRT security advisories) Message-ID: <5.0.2.1.1.20030917204627.02df0a38@popserver.sfu.ca> In-Reply-To: <200309180340.h8I3e8Hl042756@intruder.kitchenlab.org> References: <3F68FE17.5050700@memberwebs.com> <3F68FE17.5050700@memberwebs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 20:40 17/09/2003 -0700, Bruce A. Mah wrote: >I'm not sure what's a good solution to this. I know that security-team >is aware of the problem, in fact it came up in the security-officer BoF >at BSDCon. It was mentioned, but I don't recall anything being decided. >(One possibility might be to put the advisories on the Web site and >force an update immediately after an advisory is issued. I do this >during the late stages of a release cycle to push out the release >announcements and release notes. The problem with this, however, is >that everyone is conditioned to look to the FTP sites for advisories.) One option would be to put the patch signatures on the website (where they could be force-updated). Nobody would ever consider applying a patch without verified the attached signature, right? Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20030917204627.02df0a38>