Date: Mon, 23 Aug 2004 17:21:20 +0200
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
To: Jacques A.Vidrine <nectar@FreeBSD.org>
Cc: FreeBSD-vuxml@FreeBSD.org
Subject: Re: portaudit wishlist
Message-ID: <15E125E6-F518-11D8-8CAA-00039312D914@fillmore-labs.com>
In-Reply-To: <941610FA-F515-11D8-8CAA-00039312D914@fillmore-labs.com>
[...]
>>>> Yes, I think it is misleading to apply such tags which a user might
>>>> take as an absolute judgement when in fact they just need to read the
>>>> description.
>>>
>>> Not everyone has the time to review every description. Besides, the
>>> description might be as wrong or misleading as the tags mentioned. If
>>> you say "users have to understand the system fully or they shouldn't
>>> run the software" you basically state "FreeBSD is only for experts". I'm
>>> just trying to make some often asked questions machine readable. For
>>> example when I run portaudit on a server with no users, I might decide
>>> to care for local exploitable vulnerabilities only every Friday, while I
>>> have to handle remote exploitable vulnerabilities immediately. This
>>> system is not perfect, but usable. You give users basically no way to
>>> filter the information, which would be a valuable feature. On one hand
>>> you state users have to be knowledgeable to run a system, on the other
>>> you claim they might take tags `as an absolute judgement'. In this case
>>> reading the (possibly wrong) description might not improve anything.
>>
>> Your ``reasoning'' makes me dizzy.
>>
>> Look Oliver, knock yourself out: come up with your own severity rating
>> scheme and implement it. Stop bugging the security team to do it,
>> I've already explained that we will not at this time.
>
> Ok, back to my own database specification then? We have just a
> different view on our user base, and I think you fail to address some
> needs. Not everybody is a purist here, some `just want to have the job
> done', even when this means to err once or twice.

Thinking a little about it, I believe this should be discussed in a
place where portaudit users are present, either ports@ or security.
freebsd-vuxml@ has too few subscribers to get a useful picture of what
features desired by users are.

-Oliver