Date: Fri, 28 Jan 2000 18:24:55 -0700 From: Warner Losh <imp@village.org> To: 3APA3A <3APA3A@SECURITY.NNOV.RU> Cc: Kris Kennaway <kris@hub.freebsd.org>, Masafumi NAKANE <max@wide.ad.jp>, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: Re[2]: delegate buffer overflow (ports) Message-ID: <200001290124.SAA65757@harmony.village.org> In-Reply-To: Your message of "Fri, 28 Jan 2000 13:52:56 %2B0300." <18578.000128@sandy.ru> References: <18578.000128@sandy.ru> <200001280936.CAA60674@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <18578.000128@sandy.ru> 3APA3A writes: : Another one quite good solution may be to maintain the page on : FreeBSD.ORG with current security status for every port (known bugs, : potential bugs, known exploits, known accidents, both confirmed and : unconfirmed and risk level for local and remote security, latest : releases and patches). Of cause it makes a lot of additional work for : FreeBSD team, but IMHO if some port is included in FreeBSD : distribution, FreeBSD team should have some response for this port, : and this fact should eliminate including of unchecked software. Users : should be recommended to check the status of the port before : installing. Ports with high security risk shouldn't be included at : all. Kris and I have talked about doing something like this, and he'll likely start on something like this after 4.0-R is golden. I'm not sure exactly what form it will take, but Kris will certainly know. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001290124.SAA65757>