Date: Mon, 27 Aug 2001 18:39:54 -0500
From: Christopher Schulte <christopher@schulte.org>
To: Mikhail Kruk <meshko@polkan2.dyndns.org>, Igor Roshchin <str@giganda.komkon.org>
Cc: "Jacques A. Vidrine" <n@nectar.com>, <freebsd-security@FreeBSD.ORG>, <security-officer@FreeBSD.ORG>
Subject: Re: procmail, squid: any takers?
Message-ID: <5.1.0.14.0.20010827182914.00b00e88@pop.schulte.org>
In-Reply-To: <Pine.BSF.4.33.0108271922360.45703-100000@localhost>
References: <200108272048.f7RKm5k67160@giganda.komkon.org>

At 07:27 PM 8/27/2001 -0400, Mikhail Kruk wrote:
>Another possibility (which of course was discussed many times here) is to
>release informal warnings on the list as soon as a bug is patched and then
>take as long as needed to release formal advisory... I guess it's not
>an acceptable solution for some reason.

People who follow RELENG_4_X may be able to stay on top of these things easier, as we can see the changes more clearly in cvsup, and /usr/src/UPDATING now seems to document every commit to this branch. Nice new feature, IMHO. I've been aware of fixed problems long before security advisories have come out, now.

I do *still* need to cvsup, or subscribe to cvs-all, or watch the cvs repo via cvsweb to know what's going on. But it's much easier than following every commit to -STABLE, since I know offhand most or all commits are security related and will probably be followed up by an advisory sooner or later.

My guess is that way too much support would go into 'informal advisories' as people would be clawing the security officer to death asking for exact directions for applying patches and installing fixed binaries. This is what advisories are for! Then of course when the security officer made a typo or mistake (which would happen), the same crowd would be right there to point out the mistakes. Not to mention the madness when we have differing opinions on how to implement a source fix (remember the telnetd fiasco?).