Re: DJB's students release 44 *nix software vulnerability advisories

From: Artem Chuprina (ran_at_ran.pp.ru)
Date: 12/21/04

    To: bugtraq@securityfocus.com
    Date: Tue, 21 Dec 2004 19:53:35 +0300
    
    

    D. J. Bernstein -> bugtraq@securityfocus.com @ 18 Dec 2004 04:25:11 -0000:

    >> In each case, Professor Bernstein notified the author of the
    >> vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the
    >> 16th, giving one day for vendors to provide fixes.

     DJB> Actually, I sent all of these notifications to the public
     DJB> securesoftware mailing list (http://securesoftware.list.cr.yp.to)
     DJB> at the same time that I sent them to the authors. It certainly
     DJB> wasn't my intention to give the authors an extra day of
     DJB> self-delusion.

    Was it your intention not to give _users_ of their programs extra
    time of not being _widely_ attacked? While you certainly cannot offer
    them alternative software for their tasks - of your own programs only
    ezmlm with third-party patches is more than proof of concept. We need
    software that does the work, not only one that demonstrates that the
    work can be done in principle.

    -- 
    Artem Chuprina
    RFC2822: <ran{}ran.pp.ru> Jabber: ran@jabber.ran.pp.ru
    
