From owner-freebsd-doc@FreeBSD.ORG  Mon Nov 10 08:35:32 2003
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AB4E816A4CE
	for <freebsd-doc@FreeBSD.org>; Mon, 10 Nov 2003 08:35:32 -0800 (PST)
Received: from pi.codefab.com (pi.codefab.com [66.234.138.67])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6CB5B43FD7
	for <freebsd-doc@FreeBSD.org>; Mon, 10 Nov 2003 08:35:31 -0800 (PST)
	(envelope-from cswiger@mac.com)
Received: from [10.1.1.193] (dpvc-68-161-244-25.ny325.east.verizon.net
	[68.161.244.25])
	by pi.codefab.com (8.12.9p2/8.12.10) with ESMTP id hAAGZJEC019338;
	Mon, 10 Nov 2003 11:35:19 -0500 (EST)
In-Reply-To: <575B3AA8-1396-11D8-85F3-0003936FD06A@usfamily.net>
References: <575B3AA8-1396-11D8-85F3-0003936FD06A@usfamily.net>
Mime-Version: 1.0 (Apple Message framework v606)
Content-Type: text/plain; charset=WINDOWS-1252; format=flowed
Message-Id: <DEDC6F31-139B-11D8-AD24-003065ABFD92@mac.com>
Content-Transfer-Encoding: quoted-printable
From: Charles Swiger <cswiger@mac.com>
Date: Mon, 10 Nov 2003 11:35:18 -0500
To: "Mr.Arlen Britton" <Eg4VMnCmkP4hAKgEu97trXEdkeK@usfamily.net>
X-Mailer: Apple Mail (2.606)
X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.60
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	pi.codefab.com
cc: freebsd-doc@FreeBSD.org
Subject: Re: Web Site Usability
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2003 16:35:32 -0000

On Nov 10, 2003, at 10:55 AM, Mr.Arlen Britton wrote:
> Your site needs some work to make it usable for the average person,=20
> instead of the system administrators of these systems. For example, if=20=

> one were looking for security patches or vulnerabilities for Mac OS X,=20=

> there seems no way to search for them; I tried and got no results that=20=

> identified anything this way.

You're searching for MacOS X security holes on www.freebsd.org?  This=20
counts as "operator error", not a problem with the FreeBSD web site.

> At the same time, if you have a patch for the specific vulnerabilities=20=

> in question, I don't think it would be too difficult for you to=20
> identify whether or not the flaw exists in previous versions of an OS=20=

> (and which ones), and whether or not the patch would fix it in those=20=

> versions.

The left nav bar used for primary navigation from www.freebsd.org's=20
home page includes "Security", which takes you to=20
http://www.freebsd.org/security/.  The security page discusses the=20
security officers for the FreeBSD project, and then provides a list of=20=

security advisories, sorted by operating system release.

> I think working closely with the OS vendors would enable them to=20
> provide this information to you.

You're confused: the FreeBSD project is an operating system vendor.

> Finally, you need to find a common method of identifying patches that=20=

> are specific to each OS version, rather than the cryptic names you now=20=

> give them; it certainly doesn't tell me anything at all, so I'm sure a=20=

> much less sophisticated end user would be even more confused.

The list looks like this:

"Advisories are always signed using the FreeBSD Security Officer PGP=20
key and are archived, along with their associated patches, at our FTP=20
CERT repository. At the time of this writing, the following advisories=20=

are currently available (note that this list may be a few days out of=20
date - for the very latest advisories please check the FTP site):

	=95 	FreeBSD-SA-03:15.openssh.asc
	=95 	FreeBSD-SA-03:18.openssl.asc
	=95 	FreeBSD-SA-03:17.procfs.asc
	=95 	FreeBSD-SA-03:16.filedesc.asc
	=95 	FreeBSD-SA-03:14.arp.asc
	=95 	FreeBSD-SA-03:13.sendmail.asc
	=95 	FreeBSD-SA-03:12.openssh.asc
	=95 	FreeBSD-SA-03:11.sendmail.asc
	=95 	FreeBSD-SA-03:10.ibcs2.asc
	=95 	FreeBSD-SA-03:09.signal.asc
	=95 	FreeBSD-SA-03:08.realpath.asc

FreeBSD 5.1-RELEASE released.
	=95 	FreeBSD-SN-03:02.asc
	=95 	FreeBSD-SN-03:01.asc

FreeBSD 4.8-RELEASE released.
	=95 	FreeBSD-SA-03:07.sendmail.asc
	=95 	FreeBSD-SA-03:06.openssl.asc
	=95 	FreeBSD-SA-03:05.xdr.asc
	=95 	FreeBSD-SA-03:04.sendmail.asc
	=95 	FreeBSD-SA-03:03.syncookies.asc
	=95 	FreeBSD-SA-03:02.openssl.asc
	=95 	FreeBSD-SA-03:01.cvs.asc
[ ... ]"

Is it hard to determine that the security advisiories deal with=20
OpenSSH, OpenSSL, /procfs, ...sendmail several times, etc?

> When can these changes be made?

If you have specific changes that you believe would help, submit them=20
as a PR or post them for us to review.

--=20
-Chuck