From: Frank Tobin
Date: Mon, 20 Mar 2000 21:22:55 -0600 (CST)
To: FreeBSD-security Mailing List
Subject: Re: ports security advisories..
In-Reply-To: <20000320154614.A63670@elvis.mu.org>

Dave McKay, at 15:46 -0600 on Mon, 20 Mar 2000, wrote:

> Is it really necessary to post the ports security advisories?
> The exploitable programs are not part of the FreeBSD OS, they
> are third party software. I think the proper place for these
> is the Bugtraq mailing list on securityfocus.com. Also to add
> to the arguments, most of the advisories are not FreeBSD
> specific.

These advisories can often be considered FreeBSD specific because they
can rely on how the port is maintained. For example, they might depend
on whether we install the program setuid root or games, or if we
accidentally might be applying a patch that could open/close the hole.

--
Frank Tobin http://www.neverending.org/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus