Date:      Tue, 15 Sep 2009 13:18:29 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Message-ID:  <20090915131829.0b0a0ab7.wmoran@potentialtech.com>
In-Reply-To: <20090915130350.226fcf65@scorpio.seibercom.net>
References:  <4AAE95B2.5050409@sitpub.com> <d7195cff0909141413g3f835bbeq4dc4d7b23872e043@mail.gmail.com> <20090914214642.GA12828@Grumpy.DynDNS.org> <200909150122.43566.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <20090915071826.a273c4fa.wmoran@potentialtech.com> <20090915104912.1cac505a@scorpio.seibercom.net> <20090915111331.4fdfa964.wmoran@potentialtech.com> <20090915130350.226fcf65@scorpio.seibercom.net>

On Tue, 15 Sep 2009 13:03:50 -0400
Jerry <gesbbb@yahoo.com> wrote:

> On Tue, 15 Sep 2009 11:13:31 -0400
> Bill Moran <wmoran@potentialtech.com> wrote:
> 
> > In response to Jerry <gesbbb@yahoo.com>:
> > 
> > > 
> > > I usually discover security problems with updates I receive from
> > > <http://www.us-cert.gov/>. Aren't FreeBSD security problems
> > > reported to their site? If not, why? IMHO, keeping users in the
> > > dark to known security problems is not a serviceable protocol.
> > 
> > Because releasing security advisories before there is a fix available
> > is not responsible use of the information, and (as is being
> > discussed) the fix is still in the works.
> 
> I disagree. If I have a medical problem, or whatever, I expect to be
> informed of it. The fact that there is no known cure, fix, etc. is
> immaterial, if in fact not grossly negligent.

This is a stupid and non-relevant comparison.  A better comparison would
be if I realized that you'd left your car door unlocked in a less than
safe neighborhood.  Would you rather I told you discreetly, or just started
shouting it out loud to the neighborhood?  Wait, I know the answer, if I
see _your_ car unlocked, I'll just start shouting.

> Being kept ignorant of a
> security problem is as foolish a theory as "Security through Obscurity".

No, it's not.  And I don't even want to hear your ill-fitting metaphor for
how you arrived at that conclusion.

> I find the <http://www.us-cert.gov/> updates invaluable. The fact that
> apparently FBSD does not encompass them I find discomforting.

You're missing the fact that FreeBSD's security issues _are_ listed there,
when appropriate.

Your obvious ignorance of how things operate absolves you of any right
to complain.

> BTW, please do not CC: me. I am subscribed to the list and do not need
> multiple copies of the same post.

Whine me a river, for crying out loud.  List policy on this list since the
Dawn of Time has been to CC the list and the poster.  I'm not going to check
with everyone on the list to see if they're subscribed or not.  Don't like
it?  Get off the list.

-Bill


