Subject: Re: Displacement of Blame[tm]
From: Justin Wolf (jjwolfbleeding.com)
Date: Thu Jul 13 2000 - 17:47:30 CDT


> Except that we specifically modify ports to fit our environment
> ...

Ah, I didn't realize any changes beyond just making it compile were
made. In the case of 'mrg' I would hold that FreeBSD had the bug, not
mrg, so therefore it doesn't really apply to this thread.

I'm all for encouraging the value-add side of FBSD. I've been a proponent
of it for many years and have seen it slip in favor to Linux due to the
perceived "It's hard to use, it's not supported" reputation it has. So I
wouldn't recommend pulling ports, but would instead, as you suggest,
better educate the users to the liability of installing pre-compiled 3rd
party software. Not that RTFM has ever worked in the past, but...

> Let's see -- we could just release software advisories for other people's
> software without discussing the relationship with FreeBSD, and appear just
> like the attention-grabbing pseudo-legitimate security organizations out
> there, or we could take responsibility for software we prepare, integrate,
> and distribute.

I didn't say we shouldn't take responsibility for things which are
obviously due to FBSD's work. I was talking under the context that the
fault was with the base code and had nothing to do with FBSD at all - the
case where EVERY instance of the software had the same problem under ANY
OS. This is still providing an advisory service to our users, and
simultaneously doesn't provide anti-FBSD fodder for the less educated.

Anyway... I think this is starting to deviate from the initial problem.

-Justin
