From owner-freebsd-security@freebsd.org  Fri Nov  4 09:02:13 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 073DAC2E8F8
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Fri,  4 Nov 2016 09:02:13 +0000 (UTC)
 (envelope-from gregory.orange@calorieking.com)
Received: from pandora.au.calorieking.net (mail.au.calorieking.net
 [115.70.179.114])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A87521046
 for <freebsd-security@freebsd.org>; Fri,  4 Nov 2016 09:02:12 +0000 (UTC)
 (envelope-from gregory.orange@calorieking.com)
Received: from pandora.au.calorieking.net (localhost [127.0.0.1])
 by pandora.au.calorieking.net (Postfix) with ESMTP id 4397716D
 for <freebsd-security@freebsd.org>; Fri,  4 Nov 2016 17:02:02 +0800 (WST)
X-Virus-Scanned: amavisd-new at calorieking.com
Received: from pandora.au.calorieking.net ([127.0.0.1])
 by pandora.au.calorieking.net (mail.au.calorieking.net [127.0.0.1])
 (amavisd-new, port 10024)
 with ESMTP id yrFbG7BUDSDL for <freebsd-security@freebsd.org>;
 Fri,  4 Nov 2016 17:02:01 +0800 (WST)
Received: from louis.dv.oranges.id.au (125-209-157-40.dyn.iinet.net.au
 [125.209.157.40])
 by pandora.au.calorieking.net (Postfix) with ESMTPSA id BBE04E6
 for <freebsd-security@freebsd.org>; Fri,  4 Nov 2016 17:02:01 +0800 (WST)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:33.openssh
To: freebsd-security@freebsd.org
References: <20161102075533.8BBA114B5@freefall.freebsd.org>
 <201611021357.uA2DvHMW003088@higson.cam.lispworks.com>
 <CA+7WWSc+_Jjf+StVb2n367+7YSCw-RnGMTbT4nbaE88d_n57+g@mail.gmail.com>
 <b8dcb2aa-4149-89ad-e519-8ce68922d0a8@FreeBSD.org>
 <24ff198d-9bd2-9842-50d8-8a1d5e2ecf8a@FreeBSD.org>
From: Gregory Orange <gregory.orange@calorieking.com>
Message-ID: <79b7122f-3b1a-377f-42bf-bd2851c5e6ae@calorieking.com>
Date: Fri, 4 Nov 2016 17:01:59 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <24ff198d-9bd2-9842-50d8-8a1d5e2ecf8a@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 09:02:13 -0000

On 04/11/16 16:39, Kubilay Kocak wrote:
> Security advisories should state explicitly when otherwise supported
> versions are not vulnerable. It's surprising this isn't already the case.
I disagree. If none of the version I have installed are listed, I don't 
read the rest of the advisory. Time saved. Listing them in a 'not 
affected' part of the message would add complexity and parsing for me - 
less time saved.

Greg.