From owner-freebsd-chat Wed Feb 5 15:20:07 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA21403 for chat-outgoing; Wed, 5 Feb 1997 15:20:07 -0800 (PST) Received: from super-g.inch.com (super-g.com [204.178.32.161]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA21336 for ; Wed, 5 Feb 1997 15:19:53 -0800 (PST) Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.6.9) with SMTP id SAA00856; Wed, 5 Feb 1997 18:27:01 -0500 (EST) Date: Wed, 5 Feb 1997 18:27:01 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: David Greenman cc: tqbf@enteract.com, karl@mcs.net, freebsd-chat@FreeBSD.ORG Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE In-Reply-To: <199702052208.OAA11453@root.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-chat@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 5 Feb 1997, David Greenman wrote: > I don't like how this whole mess has come down. There is an awful lot of > ill-will being passed out that will have long term ramifications. It didn't > need to happen this way. > > -DG I think most of the ill-will comes from the following sources: 1. Misinformation - I've applied like 5 different patches to all my machines (there are many) in hopes that some punk wouldn't come along and put the company I work for out of business. Estimates on the severity went from very serious to kind-of-serious. What's a user to do? 2. Lack of Information - I saw more info on Bugtraq than on the various FBSD lists. Not even an announcement something was being hammered out. That tends to make anyone who depends on their machines *very* nervous. I understand it takes time to create a fix, but a quick paragraph to update the masses would be nice. 3. You folks (DG & Co.) are the core team-as such there are certain things that those of us that are administrators *but not C programmers* (some would say there's no such thing as an administrator that's not a programmer, and I say "what the hell am I doing 10 hours a day then?"). You have to realize that you "sell" the OS on the webpage and in -questions, etc. and in turn people like me "sell" the OS to the money people. So I'm sitting here like the proverbial "sitting duck" not knowing how to fix the problem even with all the time in the world. If I knew a bit more, I'd be on the list freaking out and screaming about why the big hole in the bottom of the boat at sea is not being patched; even if only with duct tape. 4. The damned medium of communications. If Karl, Tom, Joe, and the core team were sitting face to face over laptops in a nice bar somewhere, the arguments would be shorter and the solution would be out by now. Arguing wastes alot of time when done via email. That's it; my only complaint is being kept in the dark to sweat it out. If I knew my C, I'd be trying to help, and I'd be alot less nervous. So for those of us who aren't able to mumble library routines in our sleep, please try and keep us posted (even a *short* message) when security problems crop up. And some background for those *learning* C would be good a bit after the fact so we can all learn the safe way to code from previous mistakes... Thanks for a swell OS, and I'm REALLY looking forward to the patch, Charles