[14275] in bugtraq


Re: Sendmail 8.8.x - time to upgrade?

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Tue Mar 14 19:05:17 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.21.0003121435000.39765-100000@hub.freebsd.org>
Date:         Sun, 12 Mar 2000 14:42:15 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To:         Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <lcamtuf.4.05.9907150718270.458-100000@nimue.ids.pl>

On Thu, 15 Jul 1999, Michal Zalewski wrote:

> Another bad thing about authors of distributions - they usually. Good
> words to RedHat - their advisories and packages with supplied .diff files
> are quite good. Flames to Slackware - they did really good work, but seems
> to me they feel not obliged to inform people about fixes the way RH does.
> Sometimes I get really surprised when I find out that a lot of security
> holes present in e.g. RH are not present in Slackware, but there isn't any
> information about bugfixes etc.

This is an important point which I think you (and others) should be aware
of. Organisations like Slackware (and incidentally FreeBSD) are
volunteer-driven, unlike Redhat who (can) pay people to do the grunt jobs
they need doing. This means that things like security advisories are
dependent on some volunteer finding the time in his busy schedule to
actually write the thing.

As important as security advisories are, please try and think of the human
face behind it before "flaming" a volunteer software vendor. These people
are giving up their free time for you, and if occasionally they don't
manage to keep up with the sometimes furious pace of security advisory
releasing (I should know, I have 5 ports advisories waiting to be written
for FreeBSD which I'm trying to find time for), you should still be
grateful for the times when they do.

Kris Kennaway
FreeBSD Ports Security Officer

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
