Date: Wed, 11 Apr 2001 09:40:26 +1000 From: Stanley Hopcroft <Stanley.Hopcroft@IPAustralia.gov.au> To: freebsd-security@freebsd.org Subject: Re: Security Announcements? Message-ID: <20010411094026.B80253@IPAustralia.Gov.AU> In-Reply-To: <XFMail.010410154347.nmh@daemontech.com>; from nmh@daemontech.com on Tue, Apr 10, 2001 at 03:43:47PM -0700 References: <20010410215014.A8173@scientia.demon.co.uk> <XFMail.010410154347.nmh@daemontech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Ladies and Gentlemen, I am writing to endorse Ms Harringtons remarks (vi) and ask that her requests be treated seriously. They are mine too, and I don't think unrealistic for a working joe who is neither an ace - even an average - programmer or network technologist. I use FreeBSD because it is easy to use compared to other things (NT, OS/2, AIX, probably Solaris) and safe. If it is no longer safe, and I have to take hours to install a port - because I am slow and stupid - then the attractiveness is reduced. On Tue, Apr 10, 2001 at 03:43:47PM -0700, Nicole Harrington wrote: > > As someone who runs many production level servers here is what I would want > In order: > > 1) A notice that there is problem - So I can tcpwrap or shutdown said service > until a patch is available. > > 2) A binary patch. Similiar to the Linux RPM.s and the BSDi patches. > Just download and run. No compiles no installs. > > 3) A patch that everyone agrees works in an email or other notification that > says, here's were you can get the patch, this works, here's what to do with > it. > From my perspective it took days for people to stop discussing what patch > was best for ntpd and I still never heard a full resolution on the mailing > list. No official blessing of a patch other than what I would get via CVSUP. I > have production servers, I can't run a CVsup everyday, let alone a make world. > Here here. I have shut down ntpd. I can't determine from the debate about the ntp patch what I should use. There is no SA .... > > Yes I may have missed a few mails or something. But expecting people to spend > their days tracking down patches and notices abt problems kinda negates the > whole idea of a security mailing and notification. Yes. > The process seemed much better in the past, but lately, it has been much less > than optimal. > Can't say. Although I miss Mr Kenneways letters (and Mr Losh for that matter). > > Nicole > > > Thank you, Yours sincerely. -- ------------------------------------------------------------------------ Stanley Hopcroft IP Australia Network Specialist +61 2 6283 3189 +61 2 6281 1353 (FAX) Stanley.Hopcroft@IPAustralia.Gov.AU ------------------------------------------------------------------------ One is not superior merely because one sees the world as odious. -- Chateaubriand (1768-1848) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010411094026.B80253>