[17105] in bugtraq


Re: OpenBSD xlock exploit

daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Oct 9 14:13:49 2000

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <200010090022.LAA26851@cairo.anu.edu.au>
Date:         Mon, 9 Oct 2000 11:22:27 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To:         deraadt@CVS.OPENBSD.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200010061942.e96Jg9D21217@cvs.openbsd.org> from "Theo de Raadt"
              at Oct 06, 2000 01:42:09 PM

In some mail from Theo de Raadt, sie said:
[...]
> I am sorry, but you and K2 are out of line when you say that we didn't
> tell the world about this.  We did.

Hmmm, I'll beg to differ and nit pick.  You published information locally
to www.openbsd.org but didn't announce via an active distribution that
known security problems had been fixed.  What you're essentially saying
is that "check the openbsd web site regularly because we're not going to
announce (via) any advisories when we fix known security holes".

[...]
> So, and I see this with sincere sarcasm, do you want me to post all of
> our patches for all of our format string fixes?  I can, if you really
> want.  Think about where bugtraq would head if we were to do that.

We already see n patches for Linux this and Linux that, not to forget
the spam from n Linux vendors when each one fixes a problem, so I'm
not sure that it would detract from bugtraq in any meaningful manner.

Darren
