[18252] in bugtraq
Re: OpenBSD remote root
daemon@ATHENA.MIT.EDU (Jose Nazario)
Thu Dec 21 00:09:21 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0012201601340.15051-100000@biocserver.BIOC.CWRU.Edu>
Date: Wed, 20 Dec 2000 16:03:46 -0500
Reply-To: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
From: Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
X-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200012200150.RAA34564@dilvish.speed.net>
On Tue, 19 Dec 2000, Dan Harkless wrote:
> This has been argued before, but many think that OpenBSD's policy of
> not having a specific security announcement mailing list is rash and
> is poor security policy. It's great to say that someone should "check
> the webpage more often", but obviously not everyone can watch it every
> instant.
there is the list security-announce@openbsd.org which works fine. its how
i first heard about the FPd problem. very low traffic.
i have said it before and i will say it again: you should be on every
security list your vendor puts out. nearly every vendor has one. some are
just busier than others.
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
