Re: [Full-Disclosure] Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution)

From: Anders B Jansson (hdwkallisti.se)
Date: Wed Feb 18 2004 - 15:15:43 CST
Leif Sawyer wrote:
> gabriel rosenkoetter writes:
>
>>[... blah blah ...] Hell, do we expect Linux or NetBSD
>>[ to tell us about every buffer overflow they fix? ]
>
> Yes, every freaking buffer overflow they fix is discussed.
> In fact, nearly every change made to the kernel is discussed
> at some point. And it's all documented as to whom the person
> was what inserted the code in the first place, and who fixed it.
>
> Responsible? Check.
> Open? Check.
> The way it _should_ be? Check.
>
> Caveat: I don't subscribe to any BSD lists, but I can infer that
> they have a similar process in place.

It's on the lists, and here http://openbsd.org/plus.html

Just as it should, gives me as admin the data, and pointers to more
data, I _need_ to decide when I should roll a new updated release.

_My_ systems, _my_ decision when and what to patch.

Son of Caveat: I don't know how other *BSDs do it, but I'd be highly amazed
if they didn't do it more or less the same way.
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html