[18270] in bugtraq
Re: OpenBSD remote root
daemon@ATHENA.MIT.EDU (Dan Harkless)
Thu Dec 21 12:53:33 2000
Message-ID: <200012210457.UAA18718@dilvish.speed.net>
Date: Wed, 20 Dec 2000 20:57:39 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
X-To: Jose Nazario <jose@biocserver.BIOC.CWRU.Edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Jose Nazario <jose@biocserver.BIOC.CWRU.Edu> of
"Wed, 20 Dec 2000 16:03:46 EST."
<Pine.LNX.4.30.0012201601340.15051-100000@biocserver.BIOC.CWRU.Edu>
Jose Nazario <jose@biocserver.BIOC.CWRU.Edu> writes:
> On Tue, 19 Dec 2000, Dan Harkless wrote:
>
> > This has been argued before, but many think that OpenBSD's policy of
> > not having a specific security announcement mailing list is rash and
> > is poor security policy. It's great to say that someone should "check
> > the webpage more often", but obviously not everyone can watch it every
> > instant.
>
> there is the list security-announce@openbsd.org which works fine. its how
> i first heard about the FPd problem. very low traffic.
Sorry, last time I checked out OpenBSD they didn't have such a list, and
rather forced you to actively check the web page, as the message I replied
to was suggesting. This list must be pretty new -- I just checked out all
four OpenBSD mailing list archive sites, and none of them have an archive of
it.
> i have said it before and i will say it again: you should be on every
> security list your vendor puts out. nearly every vendor has one. some are
> just busier than others.
Yup, agree completely. Hopefully this post will alert some people to the
fact that that list exists now.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
