Date: Tue, 21 Jul 1998 15:34:07 -0400 (EDT) From: "Matthew N. Dodd" <winter@jurai.net> To: Brett Glass <brett@lariat.org> Cc: Jon Hamilton <hamilton@pobox.com>, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.BSF.3.96.980721153012.10970v-100000@sasami.jurai.net> In-Reply-To: <199807211824.MAA14302@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Jul 1998, Brett Glass wrote: > At 10:34 PM 7/20/98 -0500, Jon Hamilton wrote: > > >The sky is falling! Where is that warranty? Oh, that's right, there isn't > >one. The people who are responsible for keeping those machines safe are > >just going to have to be responsible for keeping them safe, I guess. > > And every one of them will respond instantly to every security advisory, > so no crackers will ever get in. Nice fantasy. The last time we had a major sendmail problem the response time of the group I was in was about 4 hours; a dozen machines fixed, patches integrated into private source trees etc. -That- is the kind of turn around time you need when you're using free software. If you're not able so stand on the line and keep watch, set procmail up to turn down your network every time a Bugtraq message with 'exploit' and 'foo' turns up. > A security team formed for that purpose. A group of people who DO hang on > ever Bugtraq message (if not individually, then collectively). As for > "-current won't compile" problems -- they're unlikely to occur because > the patches will likely be to small bits of the OS. Who pays this team then? > As much as I trust CVSupping to close a hole. And, yes, I do place a high > level of trust in strong crypto. As must all of us. *yawn* This is going to be the next "Information wants to be free!" type mantra isn't it. /* Matthew N. Dodd | A memory retaining a love you had for life winter@jurai.net | As cruel as it seems nothing ever seems to http://www.jurai.net/~winter | go right - FLA M 3.1:53 */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980721153012.10970v-100000>