From owner-freebsd-questions@FreeBSD.ORG Tue Sep 15 18:13:20 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 186A6106566B for ; Tue, 15 Sep 2009 18:13:20 +0000 (UTC) (envelope-from gesbbb@yahoo.com) Received: from smtp110.prem.mail.ac4.yahoo.com (smtp110.prem.mail.ac4.yahoo.com [76.13.13.93]) by mx1.freebsd.org (Postfix) with SMTP id A8FA18FC0A for ; Tue, 15 Sep 2009 18:13:19 +0000 (UTC) Received: (qmail 23342 invoked from network); 15 Sep 2009 18:13:18 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Received:Date:From:To:Subject:Message-ID:In-Reply-To:References:Reply-To:Organization:X-Mailer:Face:Mime-Version:Content-Type:Content-Transfer-Encoding; b=58qmKfOz6RMXevAZFZwqTc7FDm7plPVbeHFrYGJi0J65rpXLNuoU4FT9Bku1ARtVh8BuSq5NPt2ztDec4cvDN29g6zWls3tEXXVFJZBULvkxjEdxjOG0kwz9bhOTO2dryp/k6/5ooCNV0ivScKcqZbTZd1VIWAIujM6Qn2lWSMo= ; Received: from c-67-189-183-172.hsd1.ny.comcast.net (gesbbb@67.189.183.172 with login) by smtp110.prem.mail.ac4.yahoo.com with SMTP; 15 Sep 2009 11:13:18 -0700 PDT X-Yahoo-SMTP: yeAAMgKswBATCul4lSbCWspvTA-- X-YMail-OSG: WamPVSEVM1lYaFjpMsOtOerKg6ut5tDn1qAxU.6nY6F9nQioWTCjD0VKv0RlKEUOMcg2hBuQ7lFXu0JH_i_tum56gOjv587iRuLkBG9udb_a2hfRUqS7dmbqXrQuG0hkV6iuKhwBtOz_tX7yy7oZhLUPmK2lhSv4FQfBpvsewAyBUv2mXRiRrBSGnDs9zCbU7UmdmQMFjZVFJkZ4JTTkV8q5bKX.Cllb_ChxCKYAnTNbHTZgiIDyL8mSuqynC1vupwTCnkNQVgSieqSVhG5J57BkbQoG3OBCcfojpBTBR8Bf9598b7jfpfGqHaktctyng4fp_qupSDK4N1dUoib. X-Yahoo-Newman-Property: ymail-3 Received: from scorpio.seibercom.net (scorpio.seibercom.net [192.168.1.103]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: gesbbb@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 439192280B for ; Tue, 15 Sep 2009 14:13:18 -0400 (EDT) Date: Tue, 15 Sep 2009 14:13:17 -0400 From: Jerry To: freebsd-questions@freebsd.org Message-ID: <20090915141317.7a41b042@scorpio.seibercom.net> In-Reply-To: <20090915131829.0b0a0ab7.wmoran@potentialtech.com> References: <4AAE95B2.5050409@sitpub.com> <20090914214642.GA12828@Grumpy.DynDNS.org> <200909150122.43566.mel.flynn+fbsd.questions@mailing.thruhere.net> <20090915071826.a273c4fa.wmoran@potentialtech.com> <20090915104912.1cac505a@scorpio.seibercom.net> <20090915111331.4fdfa964.wmoran@potentialtech.com> <20090915130350.226fcf65@scorpio.seibercom.net> <20090915131829.0b0a0ab7.wmoran@potentialtech.com> Organization: seibercom.net X-Mailer: Claws Mail 3.7.2 (GTK+ 2.16.6; i386-portbld-freebsd7.2) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEX+/v7++v6YOTrq8PCcuIX989UvOSj++v0BNCbpAAAAB3RJTUUHsQwfFzs7RBhzUQAAAhJJREFUOI1dU8GOqzAMNKIoV1bvwD1i0ysqrHplIdBrVSX7ATSbd03VVvn9tQNtQy0hjAdn7LED4AAcPtWm9RV+MPSfxhBLx9ajd6X/ngB6/mTwnRSZua7i7Ca+0ctZKo4Qmz+JY13X6I3nFZBxIYW1PbgfQ5RP8g0XlltEWGf3cV03joYpRnFbvYDKbXjZlXyyhEZA4lI+cN3NaVXE4VKjSwTExO10eTEkkJVqIAD5z0nUBQJluQDRSQjcrBiHAJxZlAH5CUMBMC7OcJ4LMQNnxhZ1HYPscMc6J4UlWRMNwzOpCcAHKSICd1EDn83abdREIbXsHkD1OinP1aCUCOEVRaa1lMcvywUWdYgk13JQUpYNKmvXQ8Kw5ML9YI5h8SakctBc7E/IYuLhYd/zZIk+1gM1vNweQBvHE0j+oYah3sMqAytQYlZk6+ANaaawJdu3OFzYGMZ3iGpa3qMlq9ZH0VZTgrCtw/ngdYkEIIpSbP1bWQAdFdX9vocBdkH2qVjVmuMu3gI5rjs814EUdrCZgWlPaxZZ3RiLFUtr+ud0PXwp2dnQSNXgePt6AZpBj6UMJ7VQkzN4utVeaSW1Dhn/kblGrKeMvNGnzwX4zuEDarYz1KdPtR60Gul0Gued+515SJXhCsl+Tx/3kY/UDvicPll9mfu50t3tvQ/thZpJYgeuwdSKNJ6tCD98MCgoxLDaPxbwqqwPWaWiAAAAAElFTkSuQmCC X-Face: "\j?x](l|]4p?-1Bf@!wN<&p=$.}^k-HgL}cJKbQZ3r#Ar]\%U(#6}'?<3s7%(%(gxJxxcR Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2009 18:13:20 -0000 On Tue, 15 Sep 2009 13:18:29 -0400 Bill Moran wrote: > On Tue, 15 Sep 2009 13:03:50 -0400 > Jerry wrote: > > > On Tue, 15 Sep 2009 11:13:31 -0400 > > Bill Moran wrote: > > > > > In response to Jerry : > > > > > > > > > > > I usually discover security problems with updates I receive from > > > > . Aren't FreeBSD security problems > > > > reported to their site? If not, why? IMHO, keeping users in the > > > > dark to known security problems is not a serviceable protocol. > > > > > > Because releasing security advisories before there is a fix > > > available is not responsible use of the information, and (as is > > > being discussed) the fix is still in the works. > > > > I disagree. If I have a medical problem, or what ever, I expect to > > be informed of it. The fact that there is no known cure, fix, etc. > > is immaterial, if in fact not grossly negligent. > > This is a stupid and non-relevant comparison. A better comparison > would be if I realized that you'd left your car door unlocked in a > less than safe neighborhood. Would you rather I told you discreetly, > or just started shouting it out loud to the neighborhood? Wait, I > know the answer, if I see _your_ car unlocked, I'll just start > shouting. The fact is, that you do in fact notify me. Keeping important security information secret benefits no one, except for possibly those responsible for the problem to begin with who do not want the knowledge of the problem to become public. A multitude of software, such as Mozilla, publish known security holes in their software. The ramifications of allowing a user to actively use a piece of software when a known bug/exploit/etc. exists within it is grossly negligent. > > Being keep ignorant of a > > security problem is as foolish a theory as "Security through > > Obscurity". > > No, it's not. And I don't even want to hear your ill-fitting > metaphor for how you arrived at that conclusion. > > > I find the updates invaluable. The fact > > that apparently FBSD does not encompass them I find discomforting. > > You're missing the fact that FreeBSD's security issues _are_ listed > there, when appropriate. > > Your obvious ignorance of how things operate absolves you of any right > to complain. > > > BTW, please do not CC: me. I am subscribe to the list and do not > > need multiple copies of the same post. > > Whine me a river, for crying out loud. List policy on this list > since the Dawn of Time has been to CC the list and the poster. I'm > not going to check with everyone on the list to see if they're > subscribed or not. Don't like it? Get off the list. I just check the FreeBSD list web page, and failed to find any indication that CC:ing was the desired posting response. In fact, except for a few, perhaps one or two others, I am not aware of any perpetual CC:'s on this list. Then again, I doubt that they feel as threatened when their beliefs are questioned. Perhaps you should seek professional help for your anger issues. Now, if you don't like that, "KISS MY ASS". > -Bill -- Jerry gesbbb@yahoo.com If it doesn't smell yet, it's pretty fresh. Dave Johnson, on dead seagulls