OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: BIND update?

From: Josh Mason (wtf.mattersgmail.com)
Date: Wed Jul 09 2008 - 12:27:06 CDT


On 7/9/08, Remko Lodder <remkofreebsd.org> wrote:
> Remko Lodder wrote:
> > Josh Mason wrote:
> >
> > Thanks, you really showed how you are by sending these replies. I wish you
> goodluck with your quest, perhaps someday someone can help you.
> >
> > Goodbye.
> >
> >
>
> Hi,
>
> I am sorry for this reply, it was an expression of my frustation towards
> you. The frustation is just easily generated by people demanding support
> from volunteers, that are trying to service you and others in their own
> spare time. Time that they can also spend on different items, yet we
> crazy people decide to work on a Free Operating System, getting nothing
> payed for it, only happy users (Where possible) around us.
>
> I think you can understand my frustration, because I think you would reply
> the same if someone demanded even more free time from you.
>
> I hope you can understand this.
>
> //Remko
>

I completely understand and took no offence from your previous email -
I know I am being confrontational. I myself have been in that position
many a time before and know exactly how it feels. Unfortunately that
doesn't negate the responsibility of the security team to produce
patches quickly.

The initial response of "the sec team is aware of the situation and
will investigate" was basically just fluff. If you weren't already
aware of it you aren't much of a sec team. What is needed is an
expected delivery. I would say considering the nature of the exploit
but honestly that shouldn't change anything at all. If the delivery
isn't going to be immediate there should always be an ETA provided. If
for nothing else other than so your users can plan around it (i.e.
"this is too long I need to take action myself" - "or X time or date
is sufficient I'll wait for the official release and apply it then").
Without that people are twiddling their thumbs wondering if there is
ever going to be one.

      Josh
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"