Full Disclosure mailing list archives

Re: Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution)

From: Anders B Jansson <hdw () kallisti se>
Date: Wed, 18 Feb 2004 22:15:43 +0100

Leif Sawyer wrote:

gabriel rosenkoetter writes:

[... blah blah ...] Hell, do we expect Linux or NetBSD
[ to tell us about every buffer overflow they fix? ]

Yes, every freaking buffer overflow they fix is discussed.
In fact, nearly every change made to the kernel is discussed
at some point.  And it's all documented as to whom the person
was what inserted the code in the first place, and who fixed it.

Responsible?  Check.
Open?  Check.
The way it _should_ be?  Check.

Caveat: I don't subscribe to any BSD lists, but I can infer that
 they have a similar process in place.

It's on the lists, and here http://openbsd.org/plus.html

Just as it should, gives me as admin the data, and pointers to moredata, I _need_ to decide when I should roll a new updated release.


_My_ systems, _my_ decision when and what to patch.

Son of Caveat: I don't how other *BSDs do it, but I'd be highly amazedif they didn't do it more or less the same way.

// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution) Leif Sawyer (Feb 18)
- Re: Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution) Anders B Jansson (Feb 18)
- Re: Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution) Michal Zalewski (Feb 18)
- Re: Silent Fixes (was GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution) gabriel rosenkoetter (Feb 18)