On Tue, 15 Sep 2009 07:18:26 -0400 Bill Moran <wmo...@potentialtech.com> wrote:
> Mel Flynn <mel.flynn+fbsd.questi...@mailing.thruhere.net> wrote:
> >
> > On Monday 14 September 2009 23:46:42 David Kelly wrote:
> > > On Mon, Sep 14, 2009 at 05:13:54PM -0400, ill...@gmail.com wrote:
> > > > Am 2009/9/14 Dan Goodin <dgoo...@sitpub.com> writhed:
> > > > > Hello,
> > > > >
> > > > > Dan Goodin, a reporter at technology news website The
> > > > > Register. Security researcher Przemyslaw Frasunek says
> > > > > versions 6.x through 6.4 of FreeBSD has a security bug. He
> > > > > says he notified the FreeBSD Foundation on August 29 and
> > > > > never got a response. We'll be writing a brief article about
> > > > > this. Please let me know ASAP if someone cares to comment.
> > > >
> > > > Has anyone submitted a PR about this?
> > >
> > > Przemyslaw Frasunek has PR's posted but none recent. IMO if a PR
> > > is not submitted then one has *not* informed the Powers That Be.
> >
> > Wrong. Security bugs should be reported to the security team, not
> > PR'd.
>
> It's typical for security issues to be kept hushed until a fix is
> ready. As a result, there are usually no PRs, and in the case where
> the person who discovered the problem is amenable, there is no public
> discussion at all until a fix is available.
>
> Apparently, Mr. Frasunek started out down that path, which is
> admirable. It seems as if he doesn't have much patience, however,
> since he thinks that only 2 weeks is enough time to fix a security
> problem and QA the fix.

I usually discover security problems with updates I receive from
<http://www.us-cert.gov/>. Aren't FreeBSD security problems reported to
their site? If not, why?

IMHO, keeping users in the dark to known security problems is not a
serviceable protocol.

--
Jerry
ges...@yahoo.com

If there is a possibility of several things going wrong, the one that
will cause the most damage will be the one to go wrong.