FLAME - security advisories on the 23rd ? uncool idea is uncool
Michael Butler
imb at protected-networks.net
Fri Dec 23 17:37:34 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/23/11 11:53, Karl Denninger wrote:
> I happen to APPLAUD the FreeBSD Security team for doing this.
>
> I WANT security fixes out as soon as reasonably possible. You're NOT
> telling the bad guys anything they don't already know, but you ARE
> making it possible for the good guys to raise shields.
>
> A "remote root" problem is about as bad as it gets.
+1
Even if the timing is less than optimal, having the necessary
information "out there" offers the opportunity for each organization to
make an *informed choice* as to which vulnerabilities might be present
in their deployments, which are of highest priority and what resourcing
decision are appropriate in their specific context.
The FreeBSD Security folk are not saying "you must do this today"; they
*can't* make that call on our behalf - it is entirely an organizational
decision based on our assessment(s) of our risk and exposure,
imb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk70vFkACgkQQv9rrgRC1JJ1YgCdELKoI5JH8FaIjrlHm/Fco3y1
3s8AoJHarM0WhuCf0edFUWQpfkFF4g+S
=Z4M2
-----END PGP SIGNATURE-----
More information about the freebsd-stable
mailing list