reporter on deadline seeks comment about reported security bug in FreeBSD

Bill Moran wmoran at potentialtech.com
Tue Sep 15 17:13:24 UTC 2009


On Tue, 15 Sep 2009 13:03:50 -0400
Jerry <gesbbb at yahoo.com> wrote:

> On Tue, 15 Sep 2009 11:13:31 -0400
> Bill Moran <wmoran at potentialtech.com> wrote:
> 
> > In response to Jerry <gesbbb at yahoo.com>:
> > 
> > > 
> > > I usually discover security problems with updates I receive from
> > > <http://www.us-cert.gov/>. Aren't FreeBSD security problems
> > > reported to their site? If not, why? IMHO, keeping users in the
> > > dark to known security problems is not a serviceable protocol.
> > 
> > Because releasing security advisories before there is a fix available
> > is not responsible use of the information, and (as is being
> > discussed) the fix is still in the works.
> 
> I disagree. If I have a medical problem, or whatever, I expect to be
> informed of it. The fact that there is no known cure, fix, etc. is
> immaterial, if in fact not grossly negligent.

This is a stupid and non-relevant comparison.  A better comparison would
be if I realized that you'd left your car door unlocked in a less than
safe neighborhood.  Would you rather I told you discreetly, or just started
shouting it out loud to the neighborhood?  Wait, I know the answer, if I
see _your_ car unlocked, I'll just start shouting.

> Being kept ignorant of a
> security problem is as foolish a theory as "Security through Obscurity".

No, it's not.  And I don't even want to hear your ill-fitting metaphor for
how you arrived at that conclusion.

> I find the <http://www.us-cert.gov/> updates invaluable. The fact that
> apparently FBSD does not encompass them I find discomforting.

You're missing the fact that FreeBSD's security issues _are_ listed there,
when appropriate.

Your obvious ignorance of how things operate absolves you of any right
to complain.

> BTW, please do not CC: me. I am subscribed to the list and do not need
> multiple copies of the same post.

Whine me a river, for crying out loud.  List policy on this list since the
Dawn of Time has been to CC the list and the poster.  I'm not going to check
with everyone on the list to see if they're subscribed or not.  Don't like
it?  Get off the list.

-Bill


More information about the freebsd-questions mailing list