Date: Wed, 16 Sep 2009 07:08:50 -0400
From: Jerry <gesbbb@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Message-ID: <20090916070850.213b1dfa@scorpio.seibercom.net>
In-Reply-To: <4ab089ee.pco85GKJ5xtY03wv%perryh@pluto.rain.com>
References: <4AAE95B2.5050409@sitpub.com>
 <20090915131829.0b0a0ab7.wmoran@potentialtech.com>
 <20090915141317.7a41b042@scorpio.seibercom.net>
 <200909152051.40695.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
 <20090915151425.4b6ce6f2@scorpio.seibercom.net>
 <4AAFEAFB.9030603@pixelhammer.com>
 <20090915163711.406257a6@scorpio.seibercom.net>
 <4ab089ee.pco85GKJ5xtY03wv%perryh@pluto.rain.com>

On Tue, 15 Sep 2009 23:47:10 -0700
perryh@pluto.rain.com wrote:

> Jerry <gesbbb@yahoo.com> wrote:
>
> > Waiting until someone is harmed is tantamount to being an
> > accomplice to the act.
>
> And providing details of a currently-undefendable vulnerability
> to a black hat who did not previously know about it, thereby
> enabling the black hat to perpetrate harm that would otherwise
> not have occurred, isn't?

The simple act of publishing the fact that a known exploit exists for a
given program compromises nothing. Example:

WARN: The following program(s) have known exploits.

PROGRAM: prog-name
PROGRAM VERSION: 2.4
OS: FreeBSD-7.2+
EXPLOIT: Potential to render HD inaccessible
PATCH: NONE AVAILABLE
SUGGESTION: If prog-name is not imperative to system performance,
remove it and consider using a similar product by another author.

A simple solution that affords the end user the right to make an
informed decision.

I realize that governments, especially socialistic/fascist ones, use
the terms 'censorship' and 'secret' with the term 'For their own good'
interchangeably. I would hate to see the open-source community,
especially FBSD, embracing that philosophy.

-- 
Jerry
gesbbb@yahoo.com

Progress is impossible without change,
and those who cannot change their minds cannot change anything.

George Bernard Shaw

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090916070850.213b1dfa>
