On 12/26/14 23:35, Darren Pilgrim:
IV. Workaround
No workaround is available,
We talk explicitly about the base system, not about ports. We never
mentioned them and I do not see a reason to start doing so.
I don't understand why you wouldn't.
Hm ...
We can turn off vulnerable service.
We can replace vulnerable software by another, non vulnerable.
We can leave vulnerable service running, but block access to it.
Security advisory is advisory. An administrator should make own
decisions based on it.
I'm pretty sure the system administrators are recognizing those obvious
things despite not mentioned explicitly. It require basic skills only.
I disagree that obvious things should be enumerated in SA. The SA should
be short and readable.
In advance, Security Officer should not recommend other software as
secure replacement unless he consider it secure. Such analysis take a
lot of time and it will cause unacceptable delay of SA.
Just my $0.02
Dan
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
