From owner-freebsd-security Thu Dec 6 10:56: 6 2001 Delivered-To: freebsd-security@freebsd.org Received: from pogo.caustic.org (caustic.org [64.163.147.186]) by hub.freebsd.org (Postfix) with ESMTP id 4887D37B416 for ; Thu, 6 Dec 2001 10:56:00 -0800 (PST) Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB6ItxH16187; Thu, 6 Dec 2001 10:55:59 -0800 (PST) (envelope-from jan@caustic.org) Date: Thu, 6 Dec 2001 10:55:59 -0800 (PST) From: "f.johan.beisser" X-X-Sender: To: Brian Behlendorf Cc: Subject: Re: (WOT) Re: the best edited picture ever In-Reply-To: <20011205222931.L5713-100000@localhost> Message-ID: <20011206104901.I16958-100000@localhost> X-Ignore: This statement isn't supposed to be read by you X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN? MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 5 Dec 2001, Brian Behlendorf wrote: > I don't know about majordomo or mailman, but in ezmlm, one can configure > it such that subscribers posts go through, and non-subscribers posts get > bounced for moderation (which are easy to approve, and moderation > responsibilities can be shared), and in the process of approving a message > a moderator can also add said user to a list of "allowed" posters. So > pretty quickly all those posting from alternate addresses or the > occasional useful outsider get in that allowed list, and the stuff that > gets caught ends up being mostly spam. mail man allows this.. > My only worry is that it's a list about security, where time is critical, > and if a moderator fails to approve a post it could be a Really Bad Thing; > you don't want to see "vendor was notified, but didn't bother to respond" > in a bugtraq post about a FreeBSD vulnerability. The freebsd page pretty much tells people to send security vulnerabilities to security-officer@freebsd.org. the security information page is also directly linked from the front page, although it could be a bit more obvious. i believe (but i can't be sure, since i'm not one of the security-officer folk) that the address is bounced to several people, including kris kenneway. http://www.freebsd.org/security/ anyhow, just as an FYI. -- jan -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message