Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 11 Apr 2001 09:46:09 -0400
From:      Mikel King <mikel@ra.upan.org>
To:        Michael Bryan <fbsd-secure@ursine.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Security Announcements?
Message-ID:  <20010411094609.A64571@ra.upan.org>
In-Reply-To: <3AD33218.FE8D7ACD@ursine.com>; from fbsd-secure@ursine.com on Tue, Apr 10, 2001 at 09:17:28AM -0700
References:  <3AD33218.FE8D7ACD@ursine.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Apr 10, 2001 at 09:17:28AM -0700, Michael Bryan wrote:
> 
> What's up (or not up) with security announcements these days?
> It's been some time since the NTP vulnerability came to light,
> and many other affected systems/products have made their
> announcements, but nothing official from FreeBSD yet.  Now we
> have an FTP vulnerability hitting the streets too.

{SNIP}

Wow this has turned into a rather long thread...Ok so I've read quite a
bit of it, and what seems to be repeated over several times is that
people feel like they are getting informed. I liken it to whenI get a
notice from the monitor that one of my clients' T1s goes down and I
start working on it pronto but fail to call the client until it's done,
or worse they call me. I can't tell you how mych better they feel being
called imediately just to let them know that we're on top of things.

Of course this leads the question, would it be a good idea to ask the
security team, to publish a list on a periodic basis that identifies
each update they are working on/needs work to be done etc...I know on
the one hand that I would like the extra notification and yet on the
other I really don't want the script-kiddies on this list to pick up on
things that the fBSD crew fix internally before anyone normally
ever knows about them...

Sure it would be nice to have a bin system but stable seems easy enough
so until some one actually developes a better system I'll wage stable is
the way to go.

well that's my $0.01

cheers,
mikel

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010411094609.A64571>