Date: Mon, 10 Nov 2003 11:35:18 -0500 From: Charles Swiger <cswiger@mac.com> To: "Mr.Arlen Britton" <Eg4VMnCmkP4hAKgEu97trXEdkeK@usfamily.net> Cc: freebsd-doc@FreeBSD.org Subject: Re: Web Site Usability Message-ID: <DEDC6F31-139B-11D8-AD24-003065ABFD92@mac.com> In-Reply-To: <575B3AA8-1396-11D8-85F3-0003936FD06A@usfamily.net>
index | next in thread | previous in thread | raw e-mail
On Nov 10, 2003, at 10:55 AM, Mr.Arlen Britton wrote: > Your site needs some work to make it usable for the average person, > instead of the system administrators of these systems. For example, if > one were looking for security patches or vulnerabilities for Mac OS X, > there seems no way to search for them; I tried and got no results that > identified anything this way. You're searching for MacOS X security holes on www.freebsd.org? This counts as "operator error", not a problem with the FreeBSD web site. > At the same time, if you have a patch for the specific vulnerabilities > in question, I don't think it would be too difficult for you to > identify whether or not the flaw exists in previous versions of an OS > (and which ones), and whether or not the patch would fix it in those > versions. The left nav bar used for primary navigation from www.freebsd.org's home page includes "Security", which takes you to http://www.freebsd.org/security/. The security page discusses the security officers for the FreeBSD project, and then provides a list of security advisories, sorted by operating system release. > I think working closely with the OS vendors would enable them to > provide this information to you. You're confused: the FreeBSD project is an operating system vendor. > Finally, you need to find a common method of identifying patches that > are specific to each OS version, rather than the cryptic names you now > give them; it certainly doesn't tell me anything at all, so I'm sure a > much less sophisticated end user would be even more confused. The list looks like this: "Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site): • FreeBSD-SA-03:15.openssh.asc • FreeBSD-SA-03:18.openssl.asc • FreeBSD-SA-03:17.procfs.asc • FreeBSD-SA-03:16.filedesc.asc • FreeBSD-SA-03:14.arp.asc • FreeBSD-SA-03:13.sendmail.asc • FreeBSD-SA-03:12.openssh.asc • FreeBSD-SA-03:11.sendmail.asc • FreeBSD-SA-03:10.ibcs2.asc • FreeBSD-SA-03:09.signal.asc • FreeBSD-SA-03:08.realpath.asc FreeBSD 5.1-RELEASE released. • FreeBSD-SN-03:02.asc • FreeBSD-SN-03:01.asc FreeBSD 4.8-RELEASE released. • FreeBSD-SA-03:07.sendmail.asc • FreeBSD-SA-03:06.openssl.asc • FreeBSD-SA-03:05.xdr.asc • FreeBSD-SA-03:04.sendmail.asc • FreeBSD-SA-03:03.syncookies.asc • FreeBSD-SA-03:02.openssl.asc • FreeBSD-SA-03:01.cvs.asc [ ... ]" Is it hard to determine that the security advisiories deal with OpenSSH, OpenSSL, /procfs, ...sendmail several times, etc? > When can these changes be made? If you have specific changes that you believe would help, submit them as a PR or post them for us to review. -- -Chuckhelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DEDC6F31-139B-11D8-AD24-003065ABFD92>