From owner-freebsd-security Sat Sep 30 1: 5:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id DD91537B503; Sat, 30 Sep 2000 01:05:36 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8U85NU97964; Sat, 30 Sep 2000 01:05:24 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: "Brian F. Feldman" Cc: Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from "Brian F. Feldman" of "Sat, 30 Sep 2000 00:24:00 EDT." <200009300424.e8U4O1533513@green.dyndns.org> Date: Sat, 30 Sep 2000 01:05:23 -0700 Message-ID: <97960.970301123@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > So, how about it? Should we set up a page so we have a URL to put in the > Pine insecurity notice that shows, "you can live without Pine"? I'd propose > the first two most popular mailers (it seems) after Pine: mutt and exmh. I seriously doubt anybody would be willing to go to that much trouble, making this suggestion sort of a no-op at best. It seems to me that we'll be getting just a tad like those 50's politicians who saw communists under every bed if we're just going to start blacklisting useful ports left and right without fixing them. If we can prove a vulnerability (and not just the risk of one, since risks are everywhere) then we should FIX the vulnerability and move on. We don't have to get the changes taken back and we don't have to do anything fancier than drop patches into the relevant ports directories. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message