lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: hdw at kallisti.se (Anders B Jansson)
Subject: Silent Fixes (was GAYER THAN AIDS ADVISORY
 #01: IE 5 remote code execution)

Leif Sawyer wrote:
> gabriel rosenkoetter writes:
> 
>>[... blah blah ...] Hell, do we expect Linux or NetBSD
>>[ to tell us about every buffer overflow they fix? ]
 >
> Yes, every freaking buffer overflow they fix is discussed.
> In fact, nearly every change made to the kernel is discussed
> at some point.  And it's all documented as to whom the person
> was what inserted the code in the first place, and who fixed it.
> 
> Responsible?  Check.
> Open?  Check.
> The way it _should_ be?  Check.
> 
> Caveat: I don't subscribe to any BSD lists, but I can infer that
>  they have a similar process in place.
It's on the lists, and here http://openbsd.org/plus.html

Just as it should, gives me as admin the data, and pointers to more 
data, I _need_ to decide when I should roll a new updated release.

_My_ systems, _my_ decision when and what to patch.

Son of Caveat: I don't how other *BSDs do it, but I'd be highly amazed 
if they didn't do it more or less the same way.
// hdw

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ