reporter on deadline seeks comment about reported security bug in FreeBSD

Jerry gesbbb at
Wed Sep 16 11:08:58 UTC 2009

On Tue, 15 Sep 2009 23:47:10 -0700
perryh at wrote:

> Jerry <gesbbb at> wrote:
> > Waiting until someone is harmed is tantamount to being an
> > accomplice to the act.
> And providing details of a currently-undefendable vulnerability
> to a black hat who did not previously know about it, thereby
> enabling the black hat to perpetrate harm that would otherwise
> not have occurred, isn't?

The simple act of publishing the fact that a known exploit exists for a
given program compromises nothing. Example:

WARN: The following program(s) have known exploits.

PROGRAM:	 prog-name
OS:	 	 FreeBSD-7.2+
EXPLOIT:	 Potential to render HD inaccessible
SUGGESTION:	 If prog-name is not imperative to system
		 performance, remove it and consider using a similar
		 product by another author.

A simple solution that affords the end user the right to make an
informed decision. I realize that governments, especially
socialistic/fascist ones, use the terms 'censorship' and 'secret' with
the term 'For their own good' interchangeably. I would hate to see the
open-source community, especially FBSD, embracing that philosophy.

gesbbb at

Progress is impossible without change, and those who
cannot change their minds cannot change anything.

	George Bernard Shaw

More information about the freebsd-questions mailing list