From owner-freebsd-security Tue Jul 21 19:55:46 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id TAA17546
    for freebsd-security-outgoing; Tue, 21 Jul 1998 19:55:46 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA17539
    for ; Tue, 21 Jul 1998 19:55:43 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: (from brett@localhost)
    by lariat.lariat.org (8.8.8/8.8.8) id UAA23447;
    Tue, 21 Jul 1998 20:55:15 -0600 (MDT)
Message-Id: <199807220255.UAA23447@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Tue, 21 Jul 1998 20:55:13 -0600
To: Jon Hamilton
From: Brett Glass
Subject: Re: Making it work (Was: Why is there no info on the QPOPPER hack?)
Cc: security@FreeBSD.ORG
In-Reply-To: <199807220211.UAA22700@lariat.lariat.org>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 09:13 PM 7/21/98 -0500, Jon Hamilton wrote:

>And this team is going to flash the bat signal and gather round the
>table every time any member finds any problem in any software?

If it's in the Ports collection or in a built-in FreeBSD utility, an alert should go out, certainly.

>How do
>you balance the delay of having many people examine the problem (and the
>fix) vs. having fewer people do the work and getting the result out more
>quickly? How large is this team? What happens when there's disagreement
>among the team as to what is or isn't a good fix? What about the fact that
>you're still applying band-aids to poorly written code in the first place,
>in effect treating the symptom rather than the cause?

How are these problems handled by the current development team?

>You've found the right motivation, but I don't think you'll find enough people
>who are both interested in such an endeavor and willing/able to be part of
>a group such as you're describing. Once you get a group larger than a
>certain critical mass, it becomes a time sucking pig trying to generate
>some semblance of consensus, and people spend lots of time bickering rather
>than doing something more productive.

You're very pessimistic! Who here is more optimistic and would be willing to try it?

>I suspect that you meant that in a big picture sort of way, your idea would
>solve more problems than it creates. I still think there's more hidden
>overhead in there than you're acknowledging, and there are other problems
>waiting to bite you which you seem eager to dismiss out of hand,

Again, you're being incredibly pessimistic. I think it can work.

Volunteers for the "instant update" team, please send me private e-mail!

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message