Date: Mon, 17 Jul 2000 22:17:53 +0200
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Two kinds of advisories?
Message-ID: <20000717221753.C24476@speedy.gsinet>
In-Reply-To: <4.3.2.7.2.20000717112703.04ce6250@localhost>; from brett@lariat.org on Mon, Jul 17, 2000 at 11:29:21AM -0600
References: <4.3.2.7.2.20000716145126.049d4ba0@localhost> <Pine.BSF.4.21.0007161916300.52298-100000@localhost> <4.3.2.7.2.20000717112703.04ce6250@localhost>

On Mon, Jul 17, 2000 at 11:29 -0600, Brett Glass wrote:
> At 07:40 PM 7/16/2000, Jumpin' Joe Schroedl wrote:
>
> >A doctor owns a Porsche (excuse my prejudice that every
> >wealthy person drives a Porsche ;). One day, he receives a
> >letter in the mail from Porsche with the message printed on
> >the envelope 'Important Recall Information Inside.' Now
> >should the Doctor a) panic and call his mechanic or b) open
> >the letter and *read* it. Common sense dictates that a
> >'Recall' message could mean anything from a 'not-so-cold' air
> >conditioner to a serious safety defect.
>
> Whatever happens, though, the word will get out that Porsche is
> issuing recall notices, and it will hurt their brand. That's
> one of the effects we're seeing here.

This thread turns out to run in rings around and around. If one
fails to make clear that public problem reports are a means of
saying "I *do* care" one fights an already lost battle.

Do you really believe in "the ones who don't fix bugs (or never
admit to have made mistakes) didn't fail"? Is it that hard to
transport to your clients and prove "when there's no fix it's not
a bug" wrong with real life examples of broken software?

> What's more, it can be fixed by reformatting ONE LINE of each
> advisory in a way that simply makes it more clear where the
> problem lies. Making things more clear never hurts, IMHO.

As long as we're talking about people who take 'grep -c $SYSTEM'
output as a criterion without reading or respecting context, how
are they supposed to get the message? The disclaimer is there.
What else would it take to make them see it? Rearranging words
won't differ in 'grep -c' results (or in the reception at the
equally minded reader).

Do we need sprinkling unsubscribe instructions over the subject
and the message bodies' start and middle for those who don't scan
footers for those things? I don't think so. The ones who can
read already get the message. The others simply can't be helped,
no matter how hard you try.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message