| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030917092043.GA99814@sherlock.clues.com> From: matt at clues.com (Matt Collins) Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability On Tue, Sep 16, 2003 at 02:08:48PM -0700, kernelclue@...hmail.com wrote: > OpenSSH runs on a number of platforms, Windows included. To say this > reflects on GNU/Linux or any Linux distro is just nonsense. He wasn't. He was suggesting the utility of bug-discussion lists is reduced by having the same bug reported multiple times by every vendor out there. It wasnt anything to do with the OpenSSH issue. I tend to agree - if you want redhat patches subscribe to their security mailing list. If redhat find a new bug, they of course should post it to bugtraq, full disclosure, or their communications medium of choice. It isnt particularly useful for a cross platform research/discussion list to be flooded with 7 software release announcements for the same bug, though. Even if there is an argument that a central clearing house for patch releases is a useful thing, splitting out 'initial notification' (this bug exists in funny_mail) from 'patch release' (vendors 1 2 3 4 ... 1000 have a patch for their packaged version of funny_mail!) makes both lists more readable and more useful. Such a gain in utility might even increase contribution; if instead of having to dedicate hours to 'eyeballing' out the repeated messages with no new information beyond a URL for download of a particular precompiled patch the list became more useful 'raw' information, it would become much easier to regularly partake of it. YMMV of course. Matt
Powered by blists - more mailing lists