Date: Mon, 20 Jul 1998 20:55:44 -0700 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Brett Glass <brett@lariat.org> Cc: Andrew Kenneth Milton <akm@zeus.theinternet.com.au>, petrilli@dworkin.amber.org, gbieker@crown.NET, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <27249.900993344@time.cdrom.com> In-Reply-To: Your message of "Mon, 20 Jul 1998 20:57:03 MDT." <199807210257.UAA00240@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Possibly. But in this case, by the time I found out about the problem, > someone else could already have fixed it and it could have been installed > automatically on the system. Why re-implement the wheel or duplicate > another's effort? To jump in on Brett's side for a second here (wow! :), I would also like to say that than an "automatic updating service" like this would probably do more good than harm in the long run and is probably worth pursuing. However, due to general lack of time and resources in the project coupled with the important fact that I wouldn't want the project to be behind the legal 8-ball the first time this auto-update mechanism was compromised into an "auto-crack" mechanism, I'd sooner see this put together on an entirely INFORMAL basis by someone outside the project. It's not something I think we need or want to get into the middle of. Code up a proof of concept, deal with the security issues behind implementing it and see who you can sign up as "customers" of such a mechanism. I'd be perfectly happy to see Brett lead an effort like that and, since he's now sort of put himself on the spot by suggesting it, will direct anyone wishing to get involved in such an effort to Brett's doorstep. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?27249.900993344>