Date: Mon, 20 Jul 1998 17:40:35 -0400 (EDT) From: "Matthew N. Dodd" <winter@jurai.net> To: Brett Glass <brett@lariat.org> Cc: "Christopher G. Petrilli" <petrilli@dworkin.amber.org>, "Gentry A. Bieker" <gbieker@crown.NET>, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.BSF.3.96.980720173840.10970g-100000@sasami.jurai.net> In-Reply-To: <199807201828.MAA21514@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This sort of thing tends to go over poorly at security audits and with people who's heads are on the line when things break. I'm not willing to trust a 3rd party with that level of control of my system. Nobody should be that trusting. Just think of what would happen if the update process was compromised. On Mon, 20 Jul 1998, Brett Glass wrote: > I'd go further. I'd be willing to allow an INSTANT automatic upgrade > if the FreeBSD Security Manager sent a message, digitally signed with > a nice, long key, saying that a serious exploit might be imminent. It'd > be worth the risk. In the case of the QPopper hole, it would have been > the Right Thing. > > The feature would, of course, be optional. Not everyone would turn it on, > but *I* would. /* Matthew N. Dodd | A memory retaining a love you had for life winter@jurai.net | As cruel as it seems nothing ever seems to http://www.jurai.net/~winter | go right - FLA M 3.1:53 */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980720173840.10970g-100000>