Date: Mon, 27 Aug 2001 17:44:45 -0700
From: Kris Kennaway
To: Christopher Schulte
Cc: Mikhail Kruk, Igor Roshchin, "Jacques A. Vidrine", freebsd-security@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: procmail, squid: any takers?
Message-ID: <20010827174445.C48093@xor.obsecurity.org>

On Mon, Aug 27, 2001 at 06:39:54PM -0500, Christopher Schulte wrote:

> My guess is that way too much support would go into 'informal advisories'
> as people would be clawing the security officer to death asking for exact
> directions for applying patches and installing fixed binaries. This is
> what advisories are for! Then of course when the security officer made a
> typo or mistake (which would happen), the same crowd would be right there
> to point out the mistakes. Not to mention the madness when we have
> differing opinions on how to implement a source fix (remember the telnetd
> fiasco?).

That's exactly right. We're not going to start doing "informal
advisories" for the above reasons, but there's no reason the community
couldn't (or in fact shouldn't) be performing this informal support
role themselves. This already happens to some extent. People just
need to be aware that interim fixes may be wrong (and in fact the
"official fixes" from us may also be wrong, although we of course
strive hard to avoid that case and take responsibility for correcting
the incorrect information when it occurs)

Kris
FreeBSD Security Officer