From owner-freebsd-security@FreeBSD.ORG Sun Oct 21 21:40:01 2007 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 057A316A41B for ; Sun, 21 Oct 2007 21:40:01 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.freebsd.org (Postfix) with SMTP id 71A2113C4B0 for ; Sun, 21 Oct 2007 21:40:00 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: (qmail invoked by alias); 21 Oct 2007 21:39:52 -0000 Received: from u18-124.dsl.vianetworks.de (EHLO [172.20.1.30]) [194.231.39.124] by mail.gmx.net (mp018) with SMTP; 21 Oct 2007 23:39:52 +0200 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX19xei1nJ1dxkojfOFjxNlvnGr9HPM/p0/SJWt2Njo JT8N7QUXyoGArq Message-ID: <471BC71B.9090703@gmx.de> Date: Sun, 21 Oct 2007 23:39:39 +0200 From: Olli Hauer User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: Colin Percival References: <1191595847.2850.21.camel@amd.uni.vrs> <47065710.6090702@freebsd.org> <20071021015451.U70919@fledge.watson.org> <471AA8EE.7050406@freebsd.org> In-Reply-To: <471AA8EE.7050406@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Cc: freebsd-security@FreeBSD.org, Robert Watson Subject: Re: missing Advisory at ftp.freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Oct 2007 21:40:01 -0000 Colin Percival wrote: > Robert Watson wrote: >> On Fri, 5 Oct 2007, Colin Percival wrote: >>>> ftp://ftp.freebsd.org/CERT/ >>> We stopped uploading advisories there because we kept on running into >>> problems with ftp mirrors being out of date, while have complete >>> control over the security.freebsd.org webserver and can make sure >>> files are there before we send out the advisory. OK, that is a good reason. (with ftp it was very easy to get the advisories/patches with a script and wget without filtering icons and index.html files) >> Sounds like we should remove this from ftp-master so it stops being >> replicated, or at least put a note there about it being historic. Any >> preference on which? It would be easy for me to put a warning and >> redirection at the top of README or rename CERT to CERT.old. > All of the old advisories point to ftp.freebsd.org (both as "the latest > revision of this advisory can be found at" and for the patches), so we > should leave the existing files there for the near future at least. Adding > a README pointing people towards security.freebsd.org sounds like the best > option to me. For humans who browse the website it is better to correct the link to CERT at http://security.freebsd.org/ to the new location. <-- snipped from the website http://security.freebsd.org/ -- Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. ......................................................^^^^^^^^ At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site): .................^^^^^^^^ -- end snipped --> olli