From owner-freebsd-chat Sat Oct 3 19:43:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA18278 for freebsd-chat-outgoing; Sat, 3 Oct 1998 19:43:13 -0700 (PDT) (envelope-from owner-freebsd-chat@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA18244 for ; Sat, 3 Oct 1998 19:42:49 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id UAA20355; Sat, 3 Oct 1998 20:42:14 -0600 (MDT) Message-Id: <4.1.19981003203743.0423c360@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Sat, 03 Oct 1998 20:41:46 -0600 To: Greg Lehey From: Brett Glass Subject: Re: Status Report on 2.2.6 Giveaway CD's Cc: freebsd-chat@FreeBSD.ORG In-Reply-To: <19981004110222.C10081@freebie.lemis.com> References: <4.1.19981003121246.041c3330@mail.lariat.org> <13859.907436889@time.cdrom.com> <4.1.19981003121246.041c3330@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:02 AM 10/4/98 +0930, Greg Lehey wrote: >> On Friday, 21 August 1998 at 9:43:01 -0600, Brett Glass wrote: >>> At 12:27 PM 8/21/98 +0000, Duncan Barclay wrote: >>> >>>> In CNets headline story today, FreeBSD replaces comproimised IRIX >>>> servers at a Kentucky ISP! >>>> >>>> Whether the attack was the fault of the ISP's operating system >>>> remains an unanswered question. But Aye Net is not taking any >>>> chances. It has since replaced its operating system with FreeBSD, >>>> which is a version of Unix with strengthened security measures. >>>> >>>> http://www.news.com/News/Item/0,4,25526,00.html?st.ne.1.head >>> >>> For Heaven's sake someone warn them not to run QPopper. >> >> Why? Firstly, it wasn't a FreeBSD problem, and secondly it's been >> fixed. > >That stands. But it WOULDN'T be fixed on the 2.2.6 CD set! And if someone is just getting into FreeBSD or UNIX, the last thing they're going to know is how to find out about security problems or how to upgrade. Again, I'd prepare a sticker for the disk, a program to patch the known holes, and/or instructions for an immediate, painless upgrade. I'd never, NEVER give someone a system disk with well-known, easily exploitable holes without such warnings and fixes. But that's just me. Personally, I would feel responsible if the user got shafted, and wouldn't want FreeBSD's reputation to suffer. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message