Date: Tue, 10 Apr 2001 23:25:10 +0200 From: "Michael Nottebrock" <michaelnottebrock@gmx.net> To: "Ben Smithurst" <ben@FreeBSD.org> Cc: "Michael Bryan" <fbsd-secure@ursine.com>, <freebsd-security@freebsd.org> Subject: Re: Security Announcements? Message-ID: <00fb01c0c204$b97cde80$0508a8c0@lofi.dyndns.org> References: <3AD33218.FE8D7ACD@ursine.com> <001d01c0c1fc$23d73680$0508a8c0@lofi.dyndns.org> <20010410215014.A8173@scientia.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Ben Smithurst" <ben@FreeBSD.org> To: "Michael Nottebrock" <michaelnottebrock@gmx.net> Cc: "Michael Bryan" <fbsd-secure@ursine.com>; <freebsd-security@freebsd.org> Sent: Tuesday, April 10, 2001 10:50 PM Subject: Re: Security Announcements? > Michael Nottebrock wrote: > > > I agree that there is need for improvement. Let's just see what the > > other OS's security people are doing about the recent ftpd-issue: > > > > NetBSD: > > ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000 > > -018.txt.asc > > OpenBSD: > > ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch > > FreeBSD: Absolutely nothing > > I'm pretty sure that's complete and utter bollocks, unless I'm > misunderstanding the issue, or thinking of another ftpd-issue. The way you are quoting me, indeed it would be. But, as can be clearly seen by looking at the topic of this thread, I was talking about the missing _announcements_, not about the fixes itself. And before you tell me to, yes, I did read the actual CERT-advisory, which also contained the 'official' statement from FreeBSD, which does not mention ANY correction dates. > > It certainly is starting to irritate people running > > 4.2-Release. > > Well if you want the latest security fixes you shouldn't be running a > -release anyway, that's that the -stable branch is for. To quote http://www.freebsd.org/security/#adv: "The FreeBSD Security Officers provide security advisories for the following releases of FreeBSD: - The most recent official release of FreeBSD." and: "At this time, security advisories are being released for: - FreeBSD 3.5.1-STABLE - FreeBSD 4.2-RELEASE - FreeBSD 4.2-STABLE " Again, I am not saying that nothing is done, just that the others are obviously doing it (a lot) quicker. Greetings, Michael Nottebrock To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00fb01c0c204$b97cde80$0508a8c0>