From owner-freebsd-security Thu Dec 2 10:37:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (Postfix) with SMTP id EE9AE14DA5 for ; Thu, 2 Dec 1999 10:37:21 -0800 (PST) (envelope-from andrewr@slack.net) Received: (qmail 13035 invoked by uid 1077); 2 Dec 1999 18:32:31 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 2 Dec 1999 18:32:31 -0000 Date: Thu, 2 Dec 1999 13:32:31 -0500 (EST) From: andrewr To: "Jordan K. Hubbard" Cc: Sheldon Hearn , Steve Reid , Bill Swingle , security@FreeBSD.ORG, Jordan Hubbard Subject: Re: [btellier@USA.NET: Several FreeBSD-3.3 vulnerabilities] In-Reply-To: <87169.944159368@zippy.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Well, let me just add something to this, and that's that if you > also can't get reasonable satisfaction out of a maintainer, move > up the "chain of authority" and talk to the ports team and/or > Satoshi Asami about it. If that still doesn't net you results, > appeal to core. The buck will eventually stop somewhere. :) > Wouldn't it be a better idea to just plainly make an easy way to report a hole? Someone who is trying to report a hole will just plain get pissed off if they have to keep going to some one else.. and they say "oh, well, whatever" or "go to him and talk to him" etc... I just think it's smart to put in place a specific group or person or email alias _specifically_ for the purpose of handling this type of situation (security hole? don't know who to report it to? the security grooup knows, talk to them.. and they will handle the contact for you). Again, I ask, is this feasible? Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message