From owner-freebsd-security  Mon May 13  6:34:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97])
	by hub.freebsd.org (Postfix) with ESMTP id 8554937B406
	for <security@FreeBSD.ORG>; Mon, 13 May 2002 06:34:11 -0700 (PDT)
Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115])
	by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id JAA25075;
	Mon, 13 May 2002 09:37:24 -0400
Received: from localhost (mitch@localhost)
	by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id JAA13642;
	Mon, 13 May 2002 09:34:10 -0400
X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs
Date: Mon, 13 May 2002 09:34:10 -0400 (EDT)
From: Mitch Collinsworth <mitch@ccmr.cornell.edu>
To: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
Cc: security@FreeBSD.ORG
Subject: RE: DHCPD bug
In-Reply-To: <6C506EA550443D44A061432F1E92EA4C6C5156@ing.com>
Message-ID: <Pine.LNX.4.44.0205130927560.10373-100000@ruby.ccmr.cornell.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Mon, 13 May 2002, Carroll, D. (Danny) wrote:

> :> Nice and prudent.
> :
> :Sheesh.  Nice would have been sending their patch to Ted when they
> :discovered it back in 2000.
>
> True....
>
> But my point is, maybe a simple sed or perl script ran over the source
> might yeild other potential problems?

I agree with your point.  My point is, if they don't report bugs as
they find them back to the maintainers then a) they're going to have
to keep patching the same bugs every time they integrate new versions
of code brought in from other projects, and b) noone else benefits
from their having found the bug and it continues to exist until someone
else finds it.

They are of course free to report or not report bugs as they choose, but
in a case like this where they're using and benefitting from someone
else's work I'd say not reporting violates the spirit of open source
development.

-Mitch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message