On 15-Mar-07, at 11:48 PM, Ray Percival wrote:
On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
<snip>
I agree. I'm very annoyed that I have to read about this
problem on slashdot. The misc list is not the right place
for this announcement, some low-traffic announce list that
goes right into my inbox is where this stuff belongs.
I rely on having a clear channel for security related
problems.
You -do- know that this has been on the errata page since
Friday, right? Because as worried as you are and as important
as this is to you you take the responsibility to check said page
every day, of course. Oh wait. No you don't.
Come on this is open source it should be a maker's culture.
You know where these things are as soon as they hit the tree
and it takes all of two whole minutes to glance at it once or
twice a day. Step up to the plate and do for yourself.
That's what I was going to say. If you did things properly,
you would have had this patch applied before you knew that it
was a remote hole. I was confused when I read that the patch
had been published on the 7th because I didn't think I'd seen
it. Then I realized I was already running it. That's
called a -6 day bug fix ;)
'Course it seems odd that this isn't on security-announce@ but
I don't remember seeing a guarantee of that when I signed the
contract... oh wait...
