Date:      Sat, 10 Feb 2001 23:48:04 -0500
From:      "Drew Derbyshire" <software@kew.com>
To:        <chat@freebsd.org>
Subject:   FreeBSD Postfix and Majordomo security (was FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE)
Message-ID:  <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com>
References:  <200102082014.PAA29877@vws3.interlog.com>

(Headers rigged to move follow ups to -chat ...)

Since the FreeBSD site runs postfix, the fix to block external postings to
the announce list is a Postfix FAQ, using a regular expression filter.  This
would require direct trusted posters to go through a local (or otherwise
trusted IP), and cannot be beaten by forged headers.  (Hint, hint!)

The belief that signing advisories sorts out the good from the bad is naive.
The negative impression is left on users when the reader realizes a bogus
post from an official mailing list is bogus in the first place.   (Nor do
most mail clients support automatically decoding the key.  Heck, I get
global whining for using any sort of MIME at all in mail.)

In general, I'm amazed that after all the SPAM on the FreeBSD mailing lists
that they haven't gone to post-only-by subscribers in general -- clearly,
the maintainers don't seem to care about the lists' quality as much as some
of the subscribers do.  Yes, yes, I've heard the "but we need to let anyone
post ..." argument, and refuse to believe it given the hackish nature of the
FreeBSD mailing lists, and general disdain for end-users.

(Linux will rule the world, because organizations like RedHat support
relatively clean binary patches using up2date between releases  -- it makes
me sad when I compare this to FreeBSD security advisories which offer choices
of source patches or "upgrade to Release 4.x-STABLE after the specified"
date, given that such configurations have a prereq of reading the -stable
mailing list and generally breathing FreeBSD.)

-ahd-
--
Drew Derbyshire         UUPC/extended e-mail:  software+sig@kew.com
                                   Telephone:  617-279-9812

"I've got to start listening to those quiet, nagging doubts."   - Calvin




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
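
A sketch of the kind of Postfix recipient filter the message alludes to, added here as an illustration; it is not taken from the Postfix FAQ, from the message, or from FreeBSD's actual configuration. The list address, the trusted network range and the table path are assumptions. The decision is keyed on the connecting SMTP client's IP address and the envelope recipient, so nothing in the message headers can influence it.

```conf
# /etc/postfix/main.cf  (fragment; constructed example)

# Hosts allowed to post to protected lists. 192.0.2.0/24 is a
# documentation range standing in for the trusted posting hosts.
mynetworks = 127.0.0.0/8, 192.0.2.0/24

# Evaluation order for each RCPT TO:
#   1. permit_mynetworks          trusted clients are accepted outright
#   2. reject_unauth_destination  standard anti-relay rule
#   3. check_recipient_access     all remaining (external) clients are
#                                 checked against the protected-list table
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access regexp:/etc/postfix/protected_lists


# /etc/postfix/protected_lists  (regexp table; hypothetical path)

# Envelope recipients that external clients may not post to.
# announce@lists.example.org is a placeholder for the announce list's
# posting address. Addresses that match no pattern fall through and are
# delivered as usual.
/^announce@lists\.example\.org$/    REJECT posting to this list is restricted to trusted hosts
```

A `regexp:` table is read as plain text, so there is no `postmap` step; `postfix reload` picks up the change.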



