At 12:22 PM 7/1/2002, Jacques A. Vidrine wrote:

>Gee, I guess we better get cracking to take offline every previous
>version of libc, too --- which would mean every version of FreeBSD and
>who knows what else.

Alas, ethics demand that they be either taken offline or accompanied
with a clear, visible, and strong warning.

And if compatibility libraries are offered, then yes -- they
absolutely should be patched.

If you don't, you're distributing vulnerable software, which is
not ethical.

>How about you help out by enumerating every copy on the Internet,
>along with contact information for each?

As if you could take those down. But what you *CAN* do is take
down vulnerable software and/or accompany by an impossible-to-miss
warning.

A snapshot of 4.6-STABLE should also be made and released as 4.6.1.

--Brett

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]