From owner-freebsd-stable@FreeBSD.ORG Fri Dec 23 16:52:15 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6110410657EC for ; Fri, 23 Dec 2011 16:52:15 +0000 (UTC) (envelope-from lists@rewt.org.uk) Received: from abby.lhr1.as41113.net (abby.lhr1.as41113.net [91.208.177.20]) by mx1.freebsd.org (Postfix) with ESMTP id 191DE8FC1D for ; Fri, 23 Dec 2011 16:52:15 +0000 (UTC) Received: from jasmine.internethq (unknown [91.208.177.192]) by abby.lhr1.as41113.net (Postfix) with ESMTP id 11CAB22837 for ; Fri, 23 Dec 2011 16:52:14 +0000 (UTC) Received: from [172.16.11.44] (jwh-laptop.internethq [172.16.11.44]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by jasmine.internethq (Postfix) with ESMTPS id E04471065B001; Fri, 23 Dec 2011 16:52:15 +0000 (GMT) Message-ID: <4EF4B1BA.8040206@rewt.org.uk> Date: Fri, 23 Dec 2011 16:52:10 +0000 From: Joe Holden User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Damien Fleuriot References: <4EF4A75C.2040609@my.gd> <4EF4B0B2.10709@rewt.org.uk> <4EF4B13E.2020109@my.gd> In-Reply-To: <4EF4B13E.2020109@my.gd> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-stable@freebsd.org" Subject: Re: FLAME - security advisories on the 23rd ? uncool idea is uncool X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Dec 2011 16:52:15 -0000 The serious one (telnetd) is already being exploited in the wild, and if you're running telnetd anyway then you can always switch to ssh or acl the port, either way it is a relative non-issue to ignore the update for now... Damien Fleuriot wrote: > My point (which may or may not be valid) was that if the vulnerabilities > remained *undisclosed*, they would have a much lower chance of being > exploited. > > > > On 12/23/11 5:47 PM, Joe Holden wrote: >> So don't update until Monday? The outcome will be the same :) >> >> Damien Fleuriot wrote: >>> Hey up list, >>> >>> >>> >>> Look, just a rant here. >>> >>> >>> Who in *HELL* thought it would be a cool idea to release no less than >>> FOUR security advisories today ? >>> >>> I mean, couldn't this have waited and remained undisclosed until monday ? >>> >>> I for one do *NOT* relish the idea of updating 50+ boxes this evening >>> and tomorrow ! >>> >>> >>> Not to mention a whole lot of merchants and banks have toggled IT Freeze >>> a few weeks ago, to ensure xmas shopping doesn't get disturbed by >>> production changes. >>> >>> >>> Seriously, this is just irritating. >>> >>> >>> /flame >>> _______________________________________________ >>> freebsd-stable@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"