Date: Mon, 17 Jul 2000 22:17:53 +0200
From: Gerhard Sittig
To: freebsd-security@FreeBSD.ORG
Subject: Re: Two kinds of advisories?
Message-ID: <20000717221753.C24476@speedy.gsinet>
In-Reply-To: <4.3.2.7.2.20000717112703.04ce6250@localhost>; from brett@lariat.org on Mon, Jul 17, 2000 at 11:29:21AM -0600
Organization: System Defenestrators Inc.

On Mon, Jul 17, 2000 at 11:29 -0600, Brett Glass wrote:
> At 07:40 PM 7/16/2000, Jumpin' Joe Schroedl wrote:
>
> >A doctor owns a Porsche (excuse my prejudice that every
> >wealthy person drives a Porsche ;). One day, he receives a
> >letter in the mail from Porsche with the message printed on
> >the envelope 'Important Recall Information Inside.' Now
> >should the Doctor a) panic and call his mechanic or b) open
> >the letter and *read* it. Common sense dictates that a
> >'Recall' message could mean anything from a 'not-so-cold' air
> >conditioner to a serious safety defect.
>
> Whatever happens, though, the word will get out that Porsche is
> issuing recall notices, and it will hurt their brand. That's
> one of the effects we're seeing here.

This thread turns out to run in rings around and around. If one
fails to make clear that public problem reports are a means of
saying "I *do* care" one fights an already lost battle. Do you
really believe in "the ones who don't fix bugs (or never admit to
have made mistakes) didn't fail"? Is it that hard to transport
to your clients and prove "when there's no fix it's not a bug"
wrong with real life examples of broken software?

> What's more, it can be fixed by reformatting ONE LINE of each
> advisory in a way that simply makes it more clear where the
> problem lies.

Making things more clear never hurts, IMHO. As long as we're
talking about people who take 'grep -c $SYSTEM' output as a
criterion without reading or respecting context, how are they
supposed to get the message? The disclaimer is there. What else
would it take to make them see it? Rearranging words won't
differ in 'grep -c' results (or in the reception at the equally
minded reader).

Do we need sprinkling unsubscribe instructions over the subject
and the message bodies' start and middle for those who don't scan
footers for those things? I don't think so. The ones who can
read already get the message. The others simply can't be helped,
no matter how hard you try.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.