Date: Tue, 10 Jul 2001 09:57:10 -0600 From: Wes Peters <wes@softweyr.com> To: Ryan Masse <rmasse@mastery.ca> Cc: jamie rishaw <jamie@playboy.com>, FreeBSD-Security <freebsd-security@freebsd.org> Subject: Re: security advisories Message-ID: <3B4B25D6.984E7EDB@softweyr.com> References: <00ff01c10950$86f94000$3200000a@Intranet> <20010710103255.D5972@playboy.com> <017001c10957$1c66fa00$3200000a@Intranet>
next in thread | previous in thread | raw e-mail | index | archive | help
Ryan Masse wrote:
>
> complain? for those individuals with the port in question installed and who
> wait for an advisory to take action in updating their source would have had
> a possible security breach from the time realized to the time an advisory is
> issued. Wouldn't you want an advisory as soon the bug was found? Even though
> the samba bug is not of major concern what if it were more serious? Would
> you want to leave your mission critical servers open to attack?
The advisories are issued as soon as the puported problem has been
researched, verified, and either a workaround or a fix implemented.
Sometimes the workaround is as simple as "don't use this until we
have a fix available," which may or may not be useful to you.
As I pointed out in my previous message, you have one sure-fire way to
help decrease the latency in the analysis and writing of SAs: join the
team and work hard.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B4B25D6.984E7EDB>