Date: Sun, 05 Dec 1999 09:50:25 +0200 From: Mark Murray <mark@grondar.za> To: Kris Kennaway <kris@hub.freebsd.org> Cc: audit@FreeBSD.ORG Subject: Re: Closed list policy? Message-ID: <199912050750.JAA15703@gratis.grondar.za>
next in thread | raw e-mail | index | archive | help
> I was wondering whether it would be smarter to have a closed list policy > here, to prevent just anyone (read: evil people) from subscribing and > getting early notification about vulnerabilities before they're patched > (which may take several days). Obviously we still should have a full > disclosure policy, but it gives ourselves time to fix bugs properly. We are really supposed to be taling about _how_ we do the audit, and results thereof, not the actual details. The dirty details should be on -security, -arch, -current or -security-officer, as appropriate. What should be here is "I have finished foo(1), and it is now clean of all bar/baz/qux problems that I could find.". M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912050750.JAA15703>