Date: Wed, 22 Jul 1998 09:38:02 +0100 (BST) From: Jay Tribick <netadmin@fastnet.co.uk> To: Jon Hamilton <hamilton@pobox.com> Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.BSF.3.96.980722093509.1949N-100000@bofh.fast.net.uk> In-Reply-To: <199807220004.RAA16588@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
| } A security team formed for that purpose. A group of people who DO hang on | } ever Bugtraq message (if not individually, then collectively). As for | } "-current won't compile" problems -- they're unlikely to occur because | } the patches will likely be to small bits of the OS. The patches are more likely to be parts of libexec, suid programs or anything that's running as a daemon or suid-root. I myself have modified many of the packages and daemons running on our servers so there's no way a patch can be installed autonomously without me getting the original source, patching that and then re-integrating all my new code into it! | } >Wave your hands some more. Are you _really_ sure that you trust your | } >local copy of pgp (or whatever other method you want to use)? | } | } As much as I trust CVSupping to close a hole. And, yes, I do place a high | } level of trust in strong crypto. As must all of us. | | All the world doesn't look like your installation, and solutions that | work just fine and make good sense for your installation may simply | not fit elsewhere. I agree - there will be always be servers out there that are too heavily patched by the admins own code that it's just not feasible to install every new security fix that comes out .. which brings us back to the band-aid problem :( Regards, Jay Tribick -- [| Network Administrator | FastNet International | http://fast.net.uk/ |] [| Finger netadmin@fastnet.co.uk for contact information |] [| T: +44 (0)1273 677633 F: +44 (0)1273 621631 e: netadmin@fast.net.uk |] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980722093509.1949N-100000>