Date: Fri, 17 Jan 2003 20:20:04 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Juli Mallett <jmallett@FreeBSD.org> Cc: "Bruce A. Mah" <bmah@FreeBSD.org>, Alfred Perlstein <bright@mu.org>, Gregory Sutter <gsutter@zer0.org>, Nate Lawson <nate@root.org>, Martin Blapp <mb@imp.ch>, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/mountd mountd.c src/usr.sbin/rpc.lockd lockd.c src/usr.sbin/rpc.statd statd.c src/usr.sbin/rpc.yppasswdd yppasswdd_main.c src/usr.sbin/rpcbind rpcb_svc_com Message-ID: <Pine.NEB.3.96L.1030117201712.57637A-100000@fledge.watson.org> In-Reply-To: <20030117155605.A4640@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 Jan 2003, Juli Mallett wrote: > We just need to know that there *is* a security-related aspect to what > has been committed, and that we should await further info. You may feel that way, but you'd be wrong. We receive advance information on vulnerabilities only under very specific conditions, and those conditions frequently don't including telling Juli about unannounced vulnerabilities in hundreds of thousands of machines. Handling of security vulnerabilities is one of the more interesting sets of conflicts open source systems have to deal with by nature. Let's not make it any harder than it already is. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030117201712.57637A-100000>