From owner-freebsd-security Sun Jun 30 13:45:58 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA15837 for security-outgoing; Sun, 30 Jun 1996 13:45:58 -0700 (PDT)
Received: (from jmb@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA15828; Sun, 30 Jun 1996 13:45:54 -0700 (PDT)
From: "Jonathan M. Bresler"
Message-Id: <199606302045.NAA15828@freefall.freebsd.org>
Subject: Re: BoS: Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
To: obrien@Nuxi.cs.ucdavis.edu (David E. O'Brien)
Date: Sun, 30 Jun 1996 13:45:54 -0700 (PDT)
Cc: jmb@FRB.GOV, freebsd-security@freebsd.org
In-Reply-To: <199606301821.LAA20002@relay.nuxi.com> from "David E. O'Brien" at Jun 30, 96 11:21:58 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

David E. O'Brien wrote:
> > > CERT sends out a notice as soon as the vendor agrees.
> > the issue is not CERT, the issue is CERT's policy of waiting for
> > the vendor regardless of how long the vendor takes to produce
> > a fix. (hours? days? weeks? .....)
> >
> > it's the unlimited waiting period that tweaks people.
> >
> > jmb
> > --
> > Jonathan M. Bresler 202-452-2831 breslerj@frb.gov
>
> Speaking of delays to produce a notice, what is FreeBSD's policy?
> What is the policy on full-disclosure?

FreeBSD fixes any errors found as fast as possible
(they all say that ;)

FreeBSD has provided every user with access to the source,
so we can mail out a patch and let everyone fix their code.
a commercial vendor has to cut binaries for everyone.
FreeBSD also makes binaries available.

but there is no management wondering if it will look bad to admit
that there was a bug. *heavens* a bug! hahahh

jmb
--
Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/
PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB