Re: OpenBSD remote root

[Dan Harkless <dan-bugtraq () DILVISH SPEED NET>]

Jose Nazario <jose () biocserver BIOC CWRU Edu> writes:
> On Tue, 19 Dec 2000, Dan Harkless wrote:
>
> > This has been argued before, but many think that OpenBSD's policy of
> > not having a specific security announcement mailing list is rash and
> > is poor security policy.  It's great to say that someone should "check
> > the webpage more often", but obviously not everyone can watch it every
> > instant.
>
> there is the list security-announce () openbsd org which works fine. its how
> i first heard about the FPd problem. very low traffic.

Sorry, last time I checked out OpenBSD they didn't have such a list, and
rather forced you to actively check the web page, as the message I replied
to was suggesting.  This list must be pretty new -- I just checked out all
four OpenBSD mailing list archive sites, and none of them have an archive of
it.

> i have said it before and i will say it again: you should be on every
> security list your vendor puts out. nearly every vendor has one. some are
> just busier than others.

Yup, agree completely.  Hopefully this post will alert some people to the
fact that that list exists now.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.