Date: Tue, 21 Mar 2000 02:40:22 -0600
From: Dave McKay <dave@mu.org>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ports security advisories..
Message-ID: <20000321024022.A76613@elvis.mu.org>
In-Reply-To: <Pine.BSF.4.21.0003201414580.11659-100000@freefall.freebsd.org>; from kris@FreeBSD.ORG on Mon, Mar 20, 2000 at 02:22:11PM -0800
References: <20000320154614.A63670@elvis.mu.org> <Pine.BSF.4.21.0003201414580.11659-100000@freefall.freebsd.org>

Welp.. I'm convinced.

Kris Kennaway (kris@FreeBSD.ORG) wrote:
> On Mon, 20 Mar 2000, Dave McKay wrote:
>
> > Is it really necessary to post the ports security advisories?
> > The exploitable programs are not part of the FreeBSD OS, they
> > are third party software. I think the proper place for these
> > is the Bugtraq mailing list on securityfocus.com. Also to add
> > to the arguments, most of the advisories are not FreeBSD
> > specific.
>
> It's true they're not part of FreeBSD, but they're things which FreeBSD
> people are quite likely to install. Is a root hole in (e.g.) sendmail any
> worse than a root hole in a port you have installed? Both will hurt you
> equally much. Suppose we only publicize the "popular" security advisories
> - how do we quantify which ports are popular, and what about all the
> people who have installed an "unpopular" port?
>
> IMO, requiring people to wade through bugtraq to read the advisories is
> too much to ask. Personally, I think receiving a security advisory (on
> average) every few weeks is not much of a burden at all on most people's
> mailboxes (especially since you can just scan through the headers and say
> "hmm, mtr..nope, haven't installed it.." <delete>), but if there was
> enough of a demand we could separate out the ports advisories from the
> base system advisories onto another list.
>
> Kris
>
> ----
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Dave McKay
Network Engineer - Google Inc.
dave@mu.org - dave@google.com
I'm feeling lucky...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000321024022.A76613>