joseBIOCSERVER.BIOC.CWRU.EDU

• Next message: Paul Szabo: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
• Previous message: McAllister, Andrew: "Re: Oracle WebDb engine brain-damagse"
• In reply to: Dan Harkless: "Re: OpenBSD remote root"
• Next in thread: Matt Power: "listing of vendor's security-announcement lists"
• Next in thread: Theo de Raadt: "Re: OpenBSD remote root"
• Reply: Jose Nazario: "Re: OpenBSD remote root"
• Reply: Matt Power: "listing of vendor's security-announcement lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 19 Dec 2000, Dan Harkless wrote:

> This has been argued before, but many think that OpenBSD's policy of
> not having a specific security announcement mailing list is rash and
> is poor security policy. It's great to say that someone should "check
> the webpage more often", but obviously not everyone can watch it every
> instant.

there is the list security-announceopenbsd.org which works fine. its how
i first heard about the FPd problem. very low traffic.

i have said it before and i will say it again: you should be on every
security list your vendor puts out. nearly every vendor has one. some are
just busier than others.

____________________________
jose nazario josecwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

• Next message: Paul Szabo: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
• Previous message: McAllister, Andrew: "Re: Oracle WebDb engine brain-damagse"
• In reply to: Dan Harkless: "Re: OpenBSD remote root"
• Next in thread: Matt Power: "listing of vendor's security-announcement lists"
• Next in thread: Theo de Raadt: "Re: OpenBSD remote root"
• Reply: Jose Nazario: "Re: OpenBSD remote root"
• Reply: Matt Power: "listing of vendor's security-announcement lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]