Date: Sun, 30 Jun 1996 13:45:54 -0700 (PDT) From: "Jonathan M. Bresler" <jmb> To: obrien@Nuxi.cs.ucdavis.edu (David E. O'Brien) Cc: jmb@FRB.GOV, freebsd-security@freebsd.org Subject: Re: BoS: Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Message-ID: <199606302045.NAA15828@freefall.freebsd.org> In-Reply-To: <199606301821.LAA20002@relay.nuxi.com> from "David E. O'Brien" at Jun 30, 96 11:21:58 am
next in thread | previous in thread | raw e-mail | index | archive | help
David E. O'Brien wrote: > > > CERT sends out a notice as soon as the vendor agrees. > > the issue is not CERT, the issue is CERT's policy of waiting for > > the vendor regardless of how long the vendor takes to produce > > a fix. (hours? days? weeks? .....) > > > > its the unlimited waiting period that tweaks people. > > > > jmb > > -- > > Jonathan M. Bresler 202-452-2831 breslerj@frb.gov > > Speaking of delays to produce a notice, what is FreeBSD's policy? > What is the policy on full-disclosure? FreeBSD fixes any errors found as fast as possible (they all say that ;) FreeBSD has provided every user with access to the source so we can mailout a patch and let everyone fix their code. a commerical vendor has to cut binaries for everyone. FreeBSD also makes binaries available. but there is no management wondering is it will look bad to admit that there was abug. *heavend* a bug! hahahh jmb -- Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/ PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606302045.NAA15828>