From: Michael Butler
Date: Fri, 23 Dec 2011 12:37:30 -0500
To: freebsd-stable@freebsd.org
Subject: Re: FLAME - security advisories on the 23rd ? uncool idea is uncool
Message-ID: <4EF4BC5A.2040600@protected-networks.net>
In-Reply-To: <4EF4B214.2070106@denninger.net>

On 12/23/11 11:53, Karl Denninger wrote:
> I happen to APPLAUD the FreeBSD Security team for doing this.
>
> I WANT security fixes out as soon as reasonably possible. You're NOT
> telling the bad guys anything they don't already know, but you ARE
> making it possible for the good guys to raise shields.
>
> A "remote root" problem is about as bad as it gets.

+1

Even if the timing is less than optimal, having the necessary
information "out there" offers the opportunity for each organization to
make an *informed choice* as to which vulnerabilities might be present
in their deployments, which are of highest priority and what resourcing
decisions are appropriate in their specific context.

The FreeBSD Security folk are not saying "you must do this today"; they
*can't* make that call on our behalf - it is entirely an organizational
decision based on our assessment(s) of our risk and exposure,

	imb