From owner-freebsd-security Tue Apr 10 10:21:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from poontang.schulte.org (poontang.schulte.org [209.134.156.197]) by hub.freebsd.org (Postfix) with ESMTP id 3A85137B424 for ; Tue, 10 Apr 2001 10:21:40 -0700 (PDT) (envelope-from christopher@schulte.org) Received: from schulte-laptop.schulte.org ([64.183.199.40]) by poontang.schulte.org (8.12.0.Beta5/8.12.0.Beta5) with ESMTP id f3AHLbIr075804; Tue, 10 Apr 2001 12:21:38 -0500 (CDT) Message-Id: <5.0.2.1.0.20010410121258.031bce10@pop.schulte.org> X-Sender: schulte@pop.schulte.org X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Tue, 10 Apr 2001 12:21:10 -0500 To: Szilveszter Adam , freebsd-security@FreeBSD.ORG From: Christopher Schulte Subject: Re: Security Announcements? In-Reply-To: <20010410185256.A20479@petra.hos.u-szeged.hu> References: <3AD33218.FE8D7ACD@ursine.com> <3AD33218.FE8D7ACD@ursine.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:52 PM 4/10/2001 +0200, Szilveszter Adam wrote: >If you follow -STABLE, you are fine long before the advisory comes out... >you can >always find out from the mails on cvs-all. I imagine many production servers do not follow -STABLE religiously, but will upgrade as needed when heads-up of specific issues are unearthed. It's that unearthing process that needs work; one can track list after list after list, or look to their vendor. I'd prefer to see 'hey here's a new issue... we don't have it fixed yet, but workarounds may include...' rather than silence from the security officer. Perhaps a security-heads-up list of sorts. It'd be the crossroad between security and security-advisories. Moderated, but with a less formal feel than advisories. >-- >Regards: > >Szilveszter ADAM >Szeged University >Szeged Hungary --chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message