From owner-freebsd-questions@FreeBSD.ORG Tue Sep 15 17:13:24 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCE81106568F for ; Tue, 15 Sep 2009 17:13:24 +0000 (UTC) (envelope-from wmoran@potentialtech.com) Received: from mail.potentialtech.com (internet.potentialtech.com [66.167.251.6]) by mx1.freebsd.org (Postfix) with ESMTP id 9A4218FC15 for ; Tue, 15 Sep 2009 17:13:24 +0000 (UTC) Received: from localhost (pr40.pitbpa0.pub.collaborativefusion.com [206.210.89.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.potentialtech.com (Postfix) with ESMTPSA id CD4E0EBC3F for ; Tue, 15 Sep 2009 13:13:23 -0400 (EDT) Date: Tue, 15 Sep 2009 13:18:29 -0400 From: Bill Moran To: freebsd-questions@freebsd.org Message-Id: <20090915131829.0b0a0ab7.wmoran@potentialtech.com> In-Reply-To: <20090915130350.226fcf65@scorpio.seibercom.net> References: <4AAE95B2.5050409@sitpub.com> <20090914214642.GA12828@Grumpy.DynDNS.org> <200909150122.43566.mel.flynn+fbsd.questions@mailing.thruhere.net> <20090915071826.a273c4fa.wmoran@potentialtech.com> <20090915104912.1cac505a@scorpio.seibercom.net> <20090915111331.4fdfa964.wmoran@potentialtech.com> <20090915130350.226fcf65@scorpio.seibercom.net> X-Mailer: Sylpheed 2.6.0 (GTK+ 2.12.11; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2009 17:13:24 -0000 On Tue, 15 Sep 2009 13:03:50 -0400 Jerry wrote: > On Tue, 15 Sep 2009 11:13:31 -0400 > Bill Moran wrote: > > > In response to Jerry : > > > > > > > > I usually discover security problems with updates I receive from > > > . Aren't FreeBSD security problems > > > reported to their site? If not, why? IMHO, keeping users in the > > > dark to known security problems is not a serviceable protocol. > > > > Because releasing security advisories before there is a fix available > > is not responsible use of the information, and (as is being > > discussed) the fix is still in the works. > > I disagree. If I have a medical problem, or what ever, I expect to be > informed of it. The fact that there is no known cure, fix, etc. is > immaterial, if in fact not grossly negligent. This is a stupid and non-relevant comparison. A better comparison would be if I realized that you'd left your car door unlocked in a less than safe neighborhood. Would you rather I told you discreetly, or just started shouting it out loud to the neighborhood? Wait, I know the answer, if I see _your_ car unlocked, I'll just start shouting. > Being keep ignorant of a > security problem is as foolish a theory as "Security through Obscurity". No, it's not. And I don't even want to hear your ill-fitting metaphor for how you arrived at that conclusion. > I find the updates invaluable. The fact that > apparently FBSD does not encompass them I find discomforting. You're missing the fact that FreeBSD's security issues _are_ listed there, when appropriate. Your obvious ignorance of how things operate absolves you of any right to complain. > BTW, please do not CC: me. I am subscribe to the list and do not need > multiple copies of the same post. Whine me a river, for crying out loud. List policy on this list since the Dawn of Time has been to CC the list and the poster. I'm not going to check with everyone on the list to see if they're subscribed or not. Don't like it? Get off the list. -Bill