Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
From: Mike Hoskins (mike_at_adept.org)
Date: Mon, 4 Aug 2003 16:13:37 -0700 (PDT)
To: firstname.lastname@example.org
On Mon, 4 Aug 2003, Jacques A. Vidrine wrote:
> > May I suggest that in future, when a release is not vulnerable due to
> > code rewrites or similar, this fact be explicitly mentioned. IMHO,
> > it's far better to err on the side of caution when dealing with
> > security issues.
That's true, but I can also see KISS. If you add more data than
absolutely needed, confusion may also arise. I'm not defending either
viewpoint (or saying that'd occur in this case), just pointing out
possible motivations for the current format.
> I think that if one takes the `Affects' lines (and the rest of the
> advisory) at face value, without second-guessing, that it is crystal
> clear what versions of FreeBSD are affected. But of course I would
By now I would have hoped something as crucial as security advisories for
well-accepted operating systems would be fairly standardized. Of course,
some "vendor customization" is to be expected/needed, but is it flame bait
to ask "What do all the big boys do?" By that, I simply mean, how are the
advisories for things like Solaris, IRIX, HP-UX, etc. handled? Wouldn't
it behoove everyone if advisories were as "familiar" as possible? Along
those lines, I'd expect to see similar field labels, content, etc. If
that's just plain silly, it wouldn't be the first time my expectations
were wrong... But it does seem like fairly common sense.
_______________________________________________
email@example.com mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "firstname.lastname@example.org"