Date: Mon, 4 Aug 2003 16:13:37 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
Message-ID: <20030804160226.R88481@fubar.adept.org>
In-Reply-To: <20030804210016.GB10339@madman.celabo.org>
References: <200308040004.h7404VVL030671@freefall.freebsd.org>
 <20030804101130.GA51954@cirb503493.alcatel.com.au>
 <3F2E1B42.8BDE2215@grosbein.pp.ru>
 <20030804085018.GA24017@rz-ewok.rz.uni-karlsruhe.de>
 <3F2E1B42.8BDE2215@grosbein.pp.ru>
 <20030804210016.GB10339@madman.celabo.org>
On Mon, 4 Aug 2003, Jacques A. Vidrine wrote:
> > May I suggest that in future, when a release is not vulnerable due to
> > code rewrites or similar, this fact be explicitly mentioned.  IMHO,
> > it's far better to err on the side of caution when dealing with
> > security issues.

That's true, but I can also see KISS.  If you add more data than
absolutely needed, confusion may also arise.  I'm not defending either
viewpoint (or saying that'd occur in this case), just pointing out
possible motivations for the current format.

> I think that if one takes the `Affects' lines (and the rest of the
> advisory) at face value, without second-guessing, that it is crystal
> clear what versions of FreeBSD are affected.  But of course I would
> :-)

By now I would have hoped something as crucial as security advisories
for well-accepted operating systems would be fairly standardized.  Of
course, some "vendor customization" is to be expected/needed, but is it
flame bait to ask "What do all the big boys do?"

By that, I simply mean, how are the advisories for things like Solaris,
IRIX, HP-UX, etc. handled?  Wouldn't it behoove everyone if advisories
were as "familiar" as possible?  Along those lines, I'd expect to see
similar field labels, content, etc.

If that's just plain silly, it wouldn't be the first time my
expectations were wrong...  But it does seem like fairly common sense.

-mrh

--
From: "Spam Catcher" <spam-catcher@adept.org>
To: spam-catcher@adept.org
Do NOT send email to the address listed above or
you will be added to a blacklist!