From owner-freebsd-security@FreeBSD.ORG Wed Apr 9 18:41:30 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8FF4EAFB for ; Wed, 9 Apr 2014 18:41:30 +0000 (UTC) Received: from mo3.mail-out.ovh.net (16.mo3.mail-out.ovh.net [188.165.56.217]) by mx1.freebsd.org (Postfix) with ESMTP id 4E4321F9C for ; Wed, 9 Apr 2014 18:41:30 +0000 (UTC) Received: from mail436.ha.ovh.net (b6.ovh.net [213.186.33.56]) by mo3.mail-out.ovh.net (Postfix) with SMTP id CDE73FFA63C for ; Wed, 9 Apr 2014 20:02:57 +0200 (CEST) Received: from b0.ovh.net (HELO queueout) (213.186.33.50) by b0.ovh.net with SMTP; 9 Apr 2014 20:05:03 +0200 Received: from vau75-5-82-227-220-138.fbx.proxad.net (HELO ?127.0.0.1?) (leon.fazakerley@commerceo.com@82.227.220.138) by ns0.ovh.net with SMTP; 9 Apr 2014 20:05:01 +0200 Message-ID: <53458B4F.5070908@tucoinfo.fr> Date: Wed, 09 Apr 2014 20:02:55 +0200 From: "leon@tuco" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= , Pawel Biernacki Subject: Re: Proposal References: <86txa2z8xl.fsf@nine.des.no> In-Reply-To: <86txa2z8xl.fsf@nine.des.no> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Ovh-Tracer-Id: 10073707943104224068 X-Ovh-Remote: 82.227.220.138 (vau75-5-82-227-220-138.fbx.proxad.net) X-Ovh-Local: 213.186.33.20 (ns0.ovh.net) X-OVH-SPAMSTATE: OK X-OVH-SPAMSCORE: -80 X-OVH-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrfeejuddrieehucetufdoteggodetrfcurfhrohhfihhlvgemucfqggfjnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenogetfedtledqtdduucdlvddtmd X-Spam-Check: DONE|U 0.5/N X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -80 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrfeejuddrieehucetufdoteggodetrfcurfhrohhfihhlvgemucfqggfjnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenogetfedtledqtdduucdlvddtmd Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2014 18:41:30 -0000 On 09/04/2014 19:53, Dag-Erling Smørgrav wrote: > Pawel Biernacki writes: >> >RedHat managed to provide the fix within 21 hours but aparently they >> >knew very eraly about the issue. FreeBSD Security Team didn't? Why? >> >You can_see_ the whole process on their bugzilla >> >https://bugzilla.redhat.com/show_bug.cgi?id=1084875. > No you can't. That ticket is just window dressing. By the time it was > created, RedHat had known about the issue for at least a week, and > probably more. Who cares, nobody found it in 2 years and we are squabbling about a few hours or days! I am much more worried about the late coming journalists who are starting to freak out any Internet credit card user. That is really bad for e-commerce - in addition to these depressing last years of financial crisis. Thank you for your efforts and I will definitely continue using FreeBSD.