Date: Wed, 1 Dec 1999 22:55:24 -0800 (PST) From: Jesse <j@lumiere.net> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: Brock Tellier <btellier@usa.net>, Bill Swingle <unfurl@dub.net>, security@FreeBSD.ORG Subject: Re: [Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] ] Message-ID: <Pine.BSF.4.05.9912012251010.86543-100000@leaf.lumiere.net> In-Reply-To: <36932.944099245@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm not arguing this at all, I'm simply saying that these issues > should be brought up with the 200 or so maintainers of those > suid-programs in ports. The security officer hasn't a prayer of > addressing all of these and the core parts of FreeBSD as well and this > is one of those areas where delegation and "distributed processing" is > a necessity. Issues with ports need to be raised with the appropriate > ports people. Wouldn't it be reasonable, however, to expect the security officer to redirect notifications to the proper maintainers? In most organizations, if you contact the wrong person, they'll pass on your message to the correct one. One might think one of the benefits of having a security officer is not just a person to fix security holes (I doubt that's the job description, anyway), but to help coordinate and assure that the information gets to the right people. Just two cents, --- Jesse <j@lumiere.net> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9912012251010.86543-100000>