From owner-freebsd-security  Fri Apr  6 13: 4:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sj-msg-core-4.cisco.com (sj-msg-core-4.cisco.com [171.71.163.10])
	by hub.freebsd.org (Postfix) with ESMTP id C82E037B424
	for <security@FreeBSD.ORG>; Fri,  6 Apr 2001 13:04:35 -0700 (PDT)
	(envelope-from bmah@cisco.com)
Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42])
	by sj-msg-core-4.cisco.com (8.9.3/8.9.1) with ESMTP id NAA04611;
	Fri, 6 Apr 2001 13:04:35 -0700 (PDT)
Received: (from bmah@localhost)
	by bmah-freebsd-0.cisco.com (8.11.3/8.11.1) id f36K4Vc96330;
	Fri, 6 Apr 2001 13:04:31 -0700 (PDT)
	(envelope-from bmah)
Message-Id: <200104062004.f36K4Vc96330@bmah-freebsd-0.cisco.com>
X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4
To: Roger Marquis <marquis@roble.com>
Cc: security@FreeBSD.ORG
Subject: Re: http://www.freebsd.org/security being maintained? (ntpd/ftpd/...) 
In-Reply-To: <Pine.BSF.4.21.0104042009120.3808-100000@roble.com> 
References: <Pine.BSF.4.21.0104042009120.3808-100000@roble.com>
Comments: In-reply-to Roger Marquis <marquis@roble.com>
   message dated "Wed, 04 Apr 2001 20:11:13 -0700."
From: "Bruce A. Mah" <bmah@FreeBSD.ORG>
Reply-To: bmah@FreeBSD.ORG
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif
X-Url: http://www.employees.org/~bmah/
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_338369850P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 06 Apr 2001 13:04:31 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--==_Exmh_338369850P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Roger Marquis wrote:
> Is anyone maintaining http://www.freebsd.org/security/?  I ask
> because it hasn't been updated in over a month and contains no
> information on the ntpd or ftpd vulnerabilities.

Well, for the ntpd problem, that just cropped up in the last 48 hours, 
and the latest commits to -CURRENT and -STABLE happened within the last
4 hours.  It's kind of premature to issue an advisory before the 
problem has been completely fixed...give security-officer@ a break, 
already...  :-)

That being said, you do have a point in that the Web page isn't
up-to-date.  I'll add that the FTP archive of advisories is missing
several files as well.  

As a result, the release notes cross-reference security advisories that
no one can find (specifically 01:28 and 01:29). 

I don't know if this more the domain of the Web site maintainers or the
security-officer team, but it'd be real nice to get these two things
fixed up before 4.3-RELEASE.  Anyone?  Thanks from Mr. Relnotes.

Cheers,

Bruce.



--==_Exmh_338369850P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: Exmh version 2.2 06/23/2000

iD8DBQE6ziFO2MoxcVugUsMRAus/AKD51aIPwzEKiDr0MUNJNwyYTTIVdgCfWq8A
KXdX42Elg3hMjRfMTY7LhaI=
=GnfW
-----END PGP SIGNATURE-----

--==_Exmh_338369850P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message