From owner-freebsd-security Sun Jun 30 11:21:54 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA03829 for security-outgoing; Sun, 30 Jun 1996 11:21:54 -0700 (PDT)
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [128.120.56.38]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA03820 for ; Sun, 30 Jun 1996 11:21:52 -0700 (PDT)
Received: (from obrien@localhost) by relay.nuxi.com (8.6.12/8.6.12) id LAA20002; Sun, 30 Jun 1996 11:21:59 -0700
From: "David E. O'Brien"
Message-Id: <199606301821.LAA20002@relay.nuxi.com>
Subject: Re: BoS: Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
To: jmb@FRB.GOV (Jonathan M. Bresler)
Date: Sun, 30 Jun 1996 11:21:58 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199606301536.LAA15220@kryten.frb.gov> from "Jonathan M. Bresler" at Jun 30, 96 11:36:21 am
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> CERT sends out a notice as soon as the vendor agrees.
> the issue is not CERT, the issue is CERT's policy of waiting for
> the vendor regardless of how long the vendor takes to produce
> a fix. (hours? days? weeks? .....)
>
> it's the unlimited waiting period that tweaks people.
>
> jmb
> --
> Jonathan M. Bresler 202-452-2831 breslerj@frb.gov

Speaking of delays to produce a notice, what is FreeBSD's policy?
What is the policy on full-disclosure?

--
David (obrien@cs.ucdavis.edu)