From: James Phillips
To: freebsd-questions@freebsd.org
Date: Tue, 15 Sep 2009 16:32:27 -0700 (PDT)
Subject: Re: freebsd-questions Digest, Vol 276, Issue 5
Message-ID: <397697.56713.qm@web65504.mail.ac4.yahoo.com>
In-Reply-To: <20090915192353.08EFB1065696@hub.freebsd.org>

> Message: 15
> Date: Tue, 15 Sep 2009 14:13:17 -0400
> From: Jerry
> Subject: Re: reporter on deadline seeks comment about reported
>     security bug in FreeBSD
> To: freebsd-questions@freebsd.org
> Message-ID: <20090915141317.7a41b042@scorpio.seibercom.net>
>
> On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wrote:
>
> The fact is, that you do in fact notify me. Keeping important security
> information secret benefits no one, except for possibly those
> responsible for the problem to begin with who do not want the
> knowledge of the problem to become public. A multitude of software,
> such as Mozilla, publish known security holes in their software.
> The ramifications of allowing a user to actively use a piece of
> software when a known bug/exploit/etc. exists within it is grossly
> negligent.

The important question is: known by whom?
Every reviewer brings their own bias and experience. The code has not been "proven correct," so there is no reason to assume that a Black-hat will find the same bug/exploit. If there are more than about 3 unknown exploits, they are more likely to find a different one.

IMO, Mozilla is a bad example. I've been bitten by (non-security) bugs going back to 1.5 or earlier. Disclosure: I still prefer Lynx.