Date:      Tue, 6 Aug 2002 06:57:38 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To:        Colin Percival <Colin_Percival@sfu.ca>
Cc:        Dag-Erling Smorgrav <des@ofug.org>, Anatole Shaw <shaw@autoloop.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: advisory coordination (Re: SA-02:35)
Message-ID:  <20020806115738.GG94762@madman.nectar.cc>
In-Reply-To: <5.0.2.1.1.20020806031941.01febf28@popserver.sfu.ca>
References:  <20020806053237.A49851@kagnew.autoloop.com> <1028312148.3d4acc54c5eef@webmail.vsi.ru> <xzpado0hp1h.fsf@flood.ping.uio.no> <20020806053237.A49851@kagnew.autoloop.com> <5.0.2.1.1.20020806031941.01febf28@popserver.sfu.ca>

On Tue, Aug 06, 2002 at 03:33:59AM -0700, Colin Percival wrote:
>   It wouldn't be a panacea, but if the mirrors could be set to update 
> automatically when a security issue arises (instead of operating on their 
> normal schedule) then the issue of advisories coming out before relevant 
> files were mirrored would not be a danger.  I can't see that this would 
> cause any problems, since any blackhats looking for unannounced patches 
> would be looking on the main ftp server anyway.

As I implied in my previous message, no patches will hit any FTP
server or other public source before being committed to the FreeBSD
security branches.  Once they are in the security branches, the
patches themselves are public and available.

>   Apart from that... is there anything wrong with issuing a preliminary 
> notice and following up with full details later?

Not in and of itself.  In this case, I released the advisory as soon
as I believed that we had enough information to do so.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
