Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Sep 2009 16:32:27 -0700 (PDT)
From:      James Phillips <anti_spam256@yahoo.ca>
To:        freebsd-questions@freebsd.org
Subject:   Re: freebsd-questions Digest, Vol 276, Issue 5
Message-ID:  <397697.56713.qm@web65504.mail.ac4.yahoo.com>
In-Reply-To: <20090915192353.08EFB1065696@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
=0A> =0A> Message: 15=0A> Date: Tue, 15 Sep 2009 14:13:17 -0400=0A> From: J=
erry <gesbbb@yahoo.com>=0A> Subject: Re: reporter on deadline seeks comment=
 about=0A> reported=0A> =A0=A0=A0 security bug in FreeBSD=0A> To: freebsd-q=
uestions@freebsd.org=0A> Message-ID: <20090915141317.7a41b042@scorpio.seibe=
rcom.net>=0A> Content-Type: text/plain; charset=3DUS-ASCII=0A> =0A> On Tue,=
 15 Sep 2009 13:18:29 -0400=0A> Bill Moran <wmoran@potentialtech.com>=0A> w=
rote:=0A> =0A<SNIP!>=0A> =0A> The fact is, that you do in fact notify me. K=
eeping=0A> important security=0A> information secret benefits no one, excep=
t for possibly=0A> those=0A> responsible for the problem to begin with who =
do not want=0A> the=0A> knowledge of the problem to become public. A multit=
ude of=0A> software,=0A> such as Mozilla, publish known security holes in t=
heir=0A> software.=0A> The ramifications of allowing a user to actively use=
 a=0A> piece of=0A> software when a known bug/exploit/etc. exists within it=
 is=0A> grossly=0A> negligent.=0A>   =0A=0AThe important question is: known=
 by whom?=0AEvery reviewer brings their own bias and experience. The code h=
as not been "proven correct," so there is not reason to assume that a Black=
-hat will find the same bug/exploit. If there are more than about 3 unknown=
 exploits, they are more likely to find a different one.=0A=0AIMO, Mozilla =
is a bad example. I've been bitten by (non-security) bugs going back to 1.5=
 or earlier. Disclosure: I still prefer Lynx.=0A=0A=0A<SNIP!>=0A=0A> =0A=0A=
=0A      __________________________________________________________________=
=0AThe new Internet Explorer=AE 8 - Faster, safer, easier.  Optimized for Y=
ahoo!  Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplor=
er/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397697.56713.qm>