From owner-freebsd-security  Mon Aug 27 17: 6:40 2001
Delivered-To: freebsd-security@freebsd.org
Received: from granger.mail.mindspring.net (granger.mail.mindspring.net [207.69.200.148])
	by hub.freebsd.org (Postfix) with ESMTP id AFE2E37B401
	for <freebsd-security@FreeBSD.ORG>; Mon, 27 Aug 2001 17:06:36 -0700 (PDT)
	(envelope-from meshko@polkan2.dyndns.org)
Received: from user-2ivef38.dsl.mindspring.com (user-2ivef38.dsl.mindspring.com [165.247.60.104])
	by granger.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id UAA19999;
	Mon, 27 Aug 2001 20:06:34 -0400 (EDT)
Date: Mon, 27 Aug 2001 20:07:31 -0400 (EDT)
From: Mikhail Kruk <meshko@polkan2.dyndns.org>
X-X-Sender:  <meshko@localhost>
To: Christopher Schulte <christopher@schulte.org>
Cc: Mikhail Kruk <meshko@mindspring.com>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: procmail, squid: any takers?
In-Reply-To: <5.1.0.14.0.20010827185459.022a3de0@pop.schulte.org>
Message-ID: <Pine.BSF.4.33.0108272003260.45703-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> At 07:55 PM 8/27/2001 -0400, Mikhail Kruk wrote:
> >Hm... I don't see anything about sendmail in UPDATING. Also things like
>
> 20010822:       p14
>          Fix command line argument overflow probelm in sendmail.

please tell me what am I doing wrong. I'm cvsup'ing to RELENG_4. Using
cvsup3.freebsd.org and grab src-all
This is the beginning of my UPDATING file:

20010814:
        The pci attachment for pcic device was merged from current.  You
        should update your pccardd at the same time as you update your
        kernel.

        Note: Interrupts will now be shared between the CardBus bridge
        and the cards.  This is a change over the hand configuration
        before.

20010811:
...

> >procmail which are ports don't go into updating anyway, right?
>
> So far as I can tell, no.  Just the base userland and kernel.  The kind of
> stuff that a make world or kernel will build and install.

So following UPDATING or even cvs logs isn't really enough. I still think
that it would be a good idea to release informal notifications. I agree
that security officer would be burried under cries for help, but I think
that there is enough crap (like this discussion :) on the list already. Is
it going to be that much worse?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message