On Fri, Mar 16, 2007 at 04:31:32AM +0000, Karl O. Pinc wrote: > On 03/15/2007 10:48:49 PM, Ray Percival wrote: > >On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote: > > >>I rely on having a clear channel for security related > >>problems. > > >The only communication problem here is that you don't look > >at the information that the project puts out there for you. > > The project says it will announce security errata > on the security-announce list. I _am_ assuming this > will be done in a timely fashion... This does not > seem like an unreasonable assumption.
It has to be timely otherwise some blackhat could craft a working exploit Internet worm and get an army of zombies for his unpopular activities. OpenBSD could get a negative media attention from this and people would have to wipe their systems and perform a clean install. Huge losses. That's something people generally don't want. The best would be if the administrator were prompted in that case regardless if he reads Slashdot, any mailing lists, bugtraq etc. CL<
