FLAME - security advisories on the 23rd ? uncool idea is uncool
George Kontostanos
gkontos.mail at gmail.com
Fri Dec 23 21:57:14 UTC 2011
On Fri, Dec 23, 2011 at 11:45 PM, Shawn Webb <lattera at gmail.com> wrote:
> As others have mentioned, you don't _have_ to patch this weekend. All
> of the vulnerabilities have been [semi-]public knowledge for at least
> a week. What's the harm in waiting till next week? Just pretend like
> the patches came in on Tuesday.
>
> I, for one, am grateful that FreeBSD has provided patches. It allows
> people who do have the time/ability to patch this weekend to do just
> that. If you don't want to, then don't. Simple as that.
>
> Thanks,
>
> Shawn
>
I wish it was that simple. It is very different to be aware of a
possible vulnerability from getting an official security advisory.
Unfortunately sometimes, the decision to patch or not to patch, comes
from people who decide based upon bureaucracy.
I am certainly thankful to the FreeBSD security team for identifying
and providing patches.
However, when you start receiving emails about security advisories
every 5 minutes, you tend to wonder when will they stop :)
Regards and happy holidays
George
More information about the freebsd-stable
mailing list