From owner-freebsd-security Tue Apr 10 9:17:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail2.insweb.com (mail2.insweb.com [204.254.158.36]) by hub.freebsd.org (Postfix) with ESMTP id 078EE37B422 for ; Tue, 10 Apr 2001 09:17:39 -0700 (PDT) (envelope-from fbsd-secure@ursine.com) Received: from ursine.com (dhcp-4-45-203.users.insweb.com [10.4.45.203]) by mail2.insweb.com (8.11.0/8.11.0) with ESMTP id f3AGHST78619 for ; Tue, 10 Apr 2001 09:17:28 -0700 (PDT) (envelope-from fbsd-secure@ursine.com) Message-ID: <3AD33218.FE8D7ACD@ursine.com> Date: Tue, 10 Apr 2001 09:17:28 -0700 From: Michael Bryan X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Security Announcements? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org What's up (or not up) with security announcements these days? It's been some time since the NTP vulnerability came to light, and many other affected systems/products have made their announcements, but nothing official from FreeBSD yet. Now we have an FTP vulnerability hitting the streets too. [And the published list of advisories jumps from FreeBSD-SA-01:25 to FreeBSD-SA-01:30, so it looks like 26-29 are in the pipeline?] I know it's a thankless and time-consuming job, but it seems to me that FreeBSD security announcements are taking longer to come out than perhaps they should. (Not meant as a slam against anybody, especially since I'm not able to step up to the plate and offer any help, but it is a growing concern I've had lately. If everyone thinks I'm just crazy, I'll go back under the rock I woke up under this morning...) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message