From owner-freebsd-questions@FreeBSD.ORG Wed Sep 16 11:08:58 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A35CA1065670 for ; Wed, 16 Sep 2009 11:08:58 +0000 (UTC) (envelope-from gesbbb@yahoo.com) Received: from smtp109.prem.mail.ac4.yahoo.com (smtp109.prem.mail.ac4.yahoo.com [76.13.13.92]) by mx1.freebsd.org (Postfix) with SMTP id 47F0D8FC14 for ; Wed, 16 Sep 2009 11:08:58 +0000 (UTC) Received: (qmail 2447 invoked from network); 16 Sep 2009 11:08:57 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Received:Date:From:To:Subject:Message-ID:In-Reply-To:References:Reply-To:Organization:X-Mailer:Face:Mime-Version:Content-Type:Content-Transfer-Encoding; b=C09Yq8V4gYPRPiy6YdLlcbstvqD6pU4lK0L2SnujyUIz1Co4+/iGLEty/z8k0cCrc+n2wxO7RYifSLEUualUTl8xVm+dytMrBNHA8UFfPGEzXijVBYM0MT+RnGW+lo+LMK1bGbJPlU3YxHXjfU6tYamSONvsQH1/fd92bhcc5SY= ; Received: from c-67-189-183-172.hsd1.ny.comcast.net (gesbbb@67.189.183.172 with login) by smtp109.prem.mail.ac4.yahoo.com with SMTP; 16 Sep 2009 04:08:56 -0700 PDT X-Yahoo-SMTP: yeAAMgKswBATCul4lSbCWspvTA-- X-YMail-OSG: Fh6b6Q0VM1l8tlxAcIi22JkRjKH6mnlk6MX1L5oRYIdIkK9HVL6nvkcbeKpGcVDZl6kjEuexGVyKPJ8WHhQOeNgX8W1SaqwOv_IoZOqJqdnsqgaj_KiT4MaiCDuMvq6JQwv4ZgXfBbon3EZZZkRBdNFXjojenvoGutf8CKtz2FE6ecifLssHeMn4iyccHjkgkqbQpMo0ZSAFmawUWEF_ZTMPkzG4RDUYguXI.aql3ruqerDYXcatVm1mEDC6LQC1ik44D.3Zobt0ul6lj7U5hQPhLr4o2TRIQ4pdlDvpalIcmEN_t956TG6IIpvHIF9l4qMvoNynXnO9T.xrzCc4oLPKIuK13C_zjcmw X-Yahoo-Newman-Property: ymail-3 Received: from scorpio.seibercom.net (scorpio.seibercom.net [192.168.1.103]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: gesbbb@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id A5BB92280B for ; Wed, 16 Sep 2009 07:08:50 -0400 (EDT) Date: Wed, 16 Sep 2009 07:08:50 -0400 From: Jerry To: freebsd-questions@freebsd.org Message-ID: <20090916070850.213b1dfa@scorpio.seibercom.net> In-Reply-To: <4ab089ee.pco85GKJ5xtY03wv%perryh@pluto.rain.com> References: <4AAE95B2.5050409@sitpub.com> <20090915131829.0b0a0ab7.wmoran@potentialtech.com> <20090915141317.7a41b042@scorpio.seibercom.net> <200909152051.40695.mel.flynn+fbsd.questions@mailing.thruhere.net> <20090915151425.4b6ce6f2@scorpio.seibercom.net> <4AAFEAFB.9030603@pixelhammer.com> <20090915163711.406257a6@scorpio.seibercom.net> <4ab089ee.pco85GKJ5xtY03wv%perryh@pluto.rain.com> Organization: seibercom.net X-Mailer: Claws Mail 3.7.2 (GTK+ 2.16.6; i386-portbld-freebsd7.2) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEX+/v7++v6YOTrq8PCcuIX989UvOSj++v0BNCbpAAAAB3RJTUUHsQwfFzs7RBhzUQAAAhJJREFUOI1dU8GOqzAMNKIoV1bvwD1i0ysqrHplIdBrVSX7ATSbd03VVvn9tQNtQy0hjAdn7LED4AAcPtWm9RV+MPSfxhBLx9ajd6X/ngB6/mTwnRSZua7i7Ca+0ctZKo4Qmz+JY13X6I3nFZBxIYW1PbgfQ5RP8g0XlltEWGf3cV03joYpRnFbvYDKbXjZlXyyhEZA4lI+cN3NaVXE4VKjSwTExO10eTEkkJVqIAD5z0nUBQJluQDRSQjcrBiHAJxZlAH5CUMBMC7OcJ4LMQNnxhZ1HYPscMc6J4UlWRMNwzOpCcAHKSICd1EDn83abdREIbXsHkD1OinP1aCUCOEVRaa1lMcvywUWdYgk13JQUpYNKmvXQ8Kw5ML9YI5h8SakctBc7E/IYuLhYd/zZIk+1gM1vNweQBvHE0j+oYah3sMqAytQYlZk6+ANaaawJdu3OFzYGMZ3iGpa3qMlq9ZH0VZTgrCtw/ngdYkEIIpSbP1bWQAdFdX9vocBdkH2qVjVmuMu3gI5rjs814EUdrCZgWlPaxZZ3RiLFUtr+ud0PXwp2dnQSNXgePt6AZpBj6UMJ7VQkzN4utVeaSW1Dhn/kblGrKeMvNGnzwX4zuEDarYz1KdPtR60Gul0Gued+515SJXhCsl+Tx/3kY/UDvicPll9mfu50t3tvQ/thZpJYgeuwdSKNJ6tCD98MCgoxLDaPxbwqqwPWaWiAAAAAElFTkSuQmCC X-Face: "\j?x](l|]4p?-1Bf@!wN<&p=$.}^k-HgL}cJKbQZ3r#Ar]\%U(#6}'?<3s7%(%(gxJxxcR Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2009 11:08:58 -0000 On Tue, 15 Sep 2009 23:47:10 -0700 perryh@pluto.rain.com wrote: > Jerry wrote: > > Waiting until someone is harmed is tantamount to being an > > accomplice to the act. > > And providing details of a currently-undefendable vulnerability > to a black hat who did not previously know about it, thereby > enabling the black hat to perpetrate harm that would otherwise > not have occurred, isn't? The simple act of publishing the fact that a know exploit exists for a given program compromises nothing. Example: WARN: The following program(s) have known exploits. PROGRAM: prog-name PROGRAM VERSION: 2.4 OS: FreeBSD-7.2+ EXPLOIT: Potential to render HD inaccessible PATCH: NONE AVAILABLE SUGGESTION: If prog-name is not imperative to system performance, remove it and consider using a similar product by another author. A simple solution that affords the end user the right to make an informed decision. I realize that governments, especially socialistic/fascists ones use the terms 'censorship' and 'secret' with the term 'For their own good' interchangeable. I would hate to see the open-source community, especially FBSD embracing that philosophy. -- Jerry gesbbb@yahoo.com Progress is impossible without change, and those who cannot change their minds cannot change anything. George Bernard Shaw