On Tue, 15 Sep 2009 23:47:10 -0700
per...@pluto.rain.com wrote:

> Jerry <ges...@yahoo.com> wrote:
>
> > Waiting until someone is harmed is tantamount to being an
> > accomplice to the act.
>
> And providing details of a currently-undefendable vulnerability
> to a black hat who did not previously know about it, thereby
> enabling the black hat to perpetrate harm that would otherwise
> not have occurred, isn't?

The simple act of publishing the fact that a known exploit exists for a
given program compromises nothing. Example:

WARN: The following program(s) have known exploits.

PROGRAM: prog-name
PROGRAM VERSION: 2.4
OS: FreeBSD-7.2+
EXPLOIT: Potential to render HD inaccessible
PATCH: NONE AVAILABLE
SUGGESTION: If prog-name is not imperative to system performance,
remove it and consider using a similar product by another author.

A simple solution that affords the end user the right to make an
informed decision.

I realize that governments, especially socialistic/fascist ones, use
the terms 'censorship' and 'secret' with the term 'For their own good'
interchangeably. I would hate to see the open-source community,
especially FBSD, embracing that philosophy.

--
Jerry
ges...@yahoo.com

Progress is impossible without change,
and those who cannot change their minds cannot change anything.

George Bernard Shaw