Date: Fri, 14 Jul 2000 11:45:24 +0100 From: Paul Robinson <wigstah@akitanet.co.uk> To: Neil Blakey-Milner <nbm@mithrandr.moria.org>, David Pick <D.M.Pick@qmw.ac.uk> Cc: Warner Losh <imp@village.org>, security@FreeBSD.ORG Subject: Re: Displacement of Blame[tm] Message-ID: <00071411574600.46406@foo.akitanet.co.uk> In-Reply-To: <20000714120932.A63784@mithrandr.moria.org> References: <200007140403.WAA30906@harmony.village.org> <E13D29h-0006WZ-00@xi.css.qmw.ac.uk> <20000714120932.A63784@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Jul 2000, Neil Blakey-Milner wrote: > It also claims the problem is in the FreeBSD port of <port>, and not in > <port>. I think we're now getting into the deepest symantic meanings that are just confusing people generally. The way I see it is that the following issues have to be addressed: - Users subscribed to freebsd-security wish to be made aware of any security problems that might occur on their system - freebsd-security attempts to inform users as soon as possible about any new holes or patches that may be required to maintain adequate security - sometimes, holes appear in applications shipped as part of /usr/ports - the FreeBSD team don't like it when people think this is the fault of the FreeBSD team - some people don't want to see the ports announcements in the first place - there are lots of clashing personalities around here There are a couple of very easy solutions to this, but first I'm going to have my 2 cents and have my rant. <rant> Anybody who just does cd /usr/ports/<area>/<package> and then types 'make; make install' deserves to be r00ted in 5 minutes anyway. Ports are there to make it easier to make and install packages - not for you to not have to go and read the packages homepage and documentation. If you install something, perhaps you should keep an eye on the mailing lists around it, or check the homepage occasionally. Maybe even subscribe to BUGTRAQ if you do this a lot. </rant> What I would propose is this - why don't we have 2 lists - one for freebsd-security where genuine issues with security in the core FreeBSD distro are discussed, and another (freebsd-ports-security for example) where announcments on ports shipped with FreeBSD are announced. This solves the problem that those who don't want ports announcements don't get them, those who do want them do actually get them, it's clear that the announcements are either about freebsd or a port and finally it means we can stop having this argument. Or has this idea already been dismissed because of some grammatical argument over whether it should be ports-security or security-ports??? -- Paul Robinson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00071411574600.46406>