From owner-freebsd-security@FreeBSD.ORG Wed Apr 7 08:43:34 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B79AE16A4CE for ; Wed, 7 Apr 2004 08:43:34 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7736D43D53 for ; Wed, 7 Apr 2004 08:43:34 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))verified)) by gw.celabo.org (Postfix) with ESMTP id 672C25487F for ; Wed, 7 Apr 2004 10:42:21 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 0BDE76D455; Wed, 7 Apr 2004 10:42:21 -0500 (CDT) Date: Wed, 7 Apr 2004 10:42:20 -0500 From: "Jacques A. Vidrine" To: freebsd-security@FreeBSD.org Message-ID: <20040407154220.GA5651@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: Changing `security@freebsd.org' alias X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Apr 2004 15:43:34 -0000 Hello Folks, The official email address for this list is `freebsd-security@freebsd.org'. Due to convention, there is an email alias for this list: security@freebsd.org, just as there is for hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on. The security@freebsd.org alias has been the source of occassional problems. Several times in the past, postings have been made to that address under the assumption that address was directed to security response personnnel, and not a public mailing list. Of course, this was a reasonable assumption. Practically every vendor in the universe uses security@ for that purpose, largely because RFC 2142 strongly recommends it for that purpose. And sometimes one just makes a typo. It has not been too uncommon for people to forget the `-officer' part of `security-officer@freebsd.org'. (Yours truly has been guilty of this.) Mistaken early disclosure of a vulnerability can have consequences from the merely embarrasing to catastrophic. Therefore, I am proposing that `security@freebsd.org' be re-routed to the Security Officer. I imagine this will have some significant impact: there must be many references to security@freebsd.org as a public list out there. So, I thought I'd air the issue here before sending any request to postmaster@. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org