Message-ID: <Pine.LNX.4.58.0309170959400.508@ragrecevfr.fsrat.fbheprsver.pbz>
From: nigel at sourcefire.com (Nigel Houghton)
Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability

Around Yesterday kernelclue@...hmail.com said:

k :OpenSSH runs on a number of platforms, Windows included.  To say this
k :reflects on GNU/Linux or any Linux distro is just nonsense.

I don't think that's the point. Hopefully he's complaining in a humorous
manner about the number of notices sent to the list from various vendors
each time they fix a port/package or any other issue with the os.

I too get annoyed with these people, they should run their own security
notifications/announcements lists and inform their users they should sign
up to get notified of fixes/updates. Why any of them should need to spam
this list is beyond me, I have never seen an official M$ or *BSD security
update mail sent here. It's not just this list either, they send to quite
a number, Bugtraq being a prime example.

I would prefer they cease this practice, it would cut down on noise. Now
after contributing to the noise on the list, I'll shut up now.

k :
k :On Tue, 16 Sep 2003 11:29:30 -0700 Dave Monk <dave@...maneater.com> wrote:
k :>Recent security advisories featuring the operating system known as
k :>'GNU/Linux' (formerly minix) has had a negative effect on the
k :>listserv.
k :>
k :>The problem stems from the polymorphic, virus-like phenomenon also
k :>known as the 'Linux distro', the Linux distro allows any single
k :>permutation of a base Linux install (such as location of the mail
k :>spool) to actually qualify and require an entire new operating
k :>system distribution.  At this point in time there are over 50
k :>distros out there.
k :>
k :>The cascade failure effect is that the minute a hole or flaw in a
k :>base Linux subsystem such as the kernel or system tools immediately
k :>causes a flood of 'vendor' emails sent to bugtraq describing each
k :>way to disable/upgrade the broken feature on their OS.
k :>
k :>The effect is that the 'signal to stupid-linux-bug ratio' on the
k :>lists gets completely out of whack thereby diluting the utility
k :>of the list.
k :>
k :>Solutions:
k :>
k :>  None. (how do you expect to stop a tidal wave of suicidal VC money?)
k :>
k :>Workarounds:
k :>
k :>1) All advisories should be filtered through RMS, which would achieve
k :>   the desired effect of delaying their posting indefinitely.
k :>2) All such advisories should be prefixed by '[YASLB]' in the subject line
k :>   (yet another stupid linux bug) so I can filter this stupid crap.
k :>
k :>thanks,
k :>everyone
k :>
k :>
k :>bugzilla@...hat.com (bugzilla@...hat.com) wrote:
k :>> -----BEGIN PGP SIGNED MESSAGE-----
k :>> Hash: SHA1

-------------------------------------------------------------
Nigel Houghton   Security Research Engineer   Sourcefire Inc.
                 Vulnerability Research Team

"Mankind hasn't even got the technology to create a toupee
that doesn't get big laughs." -- Lister

Message dated: Sep 17

