From owner-freebsd-hackers@FreeBSD.ORG Wed Mar 23 13:33:37 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D589F16A4CE for ; Wed, 23 Mar 2005 13:33:37 +0000 (GMT) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1F4E43D1F for ; Wed, 23 Mar 2005 13:33:36 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id j2NDXa9p045341; Wed, 23 Mar 2005 07:33:36 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <4241701F.3060804@centtech.com> Date: Wed, 23 Mar 2005 07:33:19 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050210 X-Accept-Language: en-us, en MIME-Version: 1.0 To: John Nemeth References: <200503230304.j2N34R97020359@vtn1.victoria.tc.ca> In-Reply-To: <200503230304.j2N34R97020359@vtn1.victoria.tc.ca> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-hackers@freebsd.org Subject: Re: security or lack thereof X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Mar 2005 13:33:37 -0000 John Nemeth wrote: > So, is it FreeBSD policy to ignore security bug reports? I sent > the following bug report to security@freebsd.org on Feb. 19th, 2005 and > it still hasn't been acted on. This total lack of action on an > extremely simple (and silly) three year old bug doesn't give one the > warm fuzzies. Heck, it took 48 hours to get a response from a security > officer, and another 24 hours to get something from the guilty > developer. I'm a nobody as far as FreeBSD src trees, bugs, etc go, but I didn't see a PR in the bug reports database (link on the left of the main freebsd.org website). This is probably why it got shuffled into a crack somewhere, but take my bits with a grain of salt. If you haven't, please submit your patch via the bug system here: http://www.freebsd.org/send-pr.html Thanks for the bug find.. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology I have seen the future and it is just like the present, only longer. ------------------------------------------------------------------------