From owner-freebsd-hackers  Wed Apr 25 10:25: 7 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from silby.com (adam042-060.resnet.wisc.edu [146.151.42.60])
	by hub.freebsd.org (Postfix) with ESMTP id 7C0D137B424
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 25 Apr 2001 10:24:57 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: (qmail 7147 invoked by uid 1000); 25 Apr 2001 17:24:47 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 25 Apr 2001 17:24:47 -0000
Date: Wed, 25 Apr 2001 12:24:47 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: Kris Kennaway <kris@obsecurity.org>,
	"Andrew R. Reiter" <arr@watson.org>, Rich Morin <rdm@cfcl.com>,
	<freebsd-hackers@FreeBSD.ORG>
Subject: Re: automated checking of Security Advisories
In-Reply-To: <20010425164827.I17348@mail.webmonster.de>
Message-ID: <Pine.BSF.4.31.0104251221180.7028-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Wed, 25 Apr 2001, Karsten W. Rohrbach wrote:

> oldver: bind-8.2.2
> newver: bind-8.2.3

If we're going to flag insecure versions, I think a better way would be to
list "minimum version", which would indicate the lowest numbered version
you can safely run.  This could also be incorporated into the Makefile for
each port so that pkg_version could issue alerts even before security
advisories are issued (or after, if you missed some advisories.)

Of course, there's the issue of bind 8.x.x versus 9.x.x.  I'm not sure how
to resolve what minimum version would refer to.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message