Message-ID: <Pine.LNX.4.58.0309170959400.508@ragrecevfr.fsrat.fbheprsver.pbz>
From: nigel at sourcefire.com (Nigel Houghton)
Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
Around Yesterday kernelclue@...hmail.com said:
k :OpenSSH runs on a number of platforms, Windows included. To say this
k :reflects on GNU/Linux or any Linux distro is just nonsense.
I don't think that's the point. Hopefully he's complaining in a humorous
manner about the number of notices sent to the list from various vendors
each time they fix a port/package or any other issue with the os.

I too get annoyed with these people, they should run their own security
notifications/announcements lists and inform their users they should sign
up to get notified of fixes/updates. Why any of them should need to spam
this list is beyond me, I have never seen an official M$ or *BSD security
update mail sent here. It's not just this list either, they send to quite
a number, Bugtraq being a prime example.

I would prefer they cease this practice, it would cut down on noise. Now
after contributing to the noise on the list, I'll shut up now.
k :
k :On Tue, 16 Sep 2003 11:29:30 -0700 Dave Monk <dave@...maneater.com> wrote:
k :>Recent security advisories featuring the operating system known as
k :>'GNU/Linux' (formerly minix) has had a negative effect on the
k :>listserv.
k :>
k :>The problem stems from the polymorphic, virus-like phenomenon also
k :>known as the 'Linux distro', the Linux distro allows any single
k :>permutation of a base Linux install (such as location of the mail
k :>spool) to actually qualify and require an entire new operating
k :>system distribution. At this point in time there are over 50
k :>distros out there.
k :>
k :>The cascade failure effect is that the minute a hole or flaw in a
k :>base Linux subsystem such as the kernel or system tools immediately
k :>causes a flood of 'vendor' emails sent to bugtraq describing each
k :>way to disable/upgrade the broken feature on their OS.
k :>
k :>The effect is that the 'signal to stupid-linux-bug ratio' on the
k :>lists gets completely out of whack thereby diluting the utility
k :>of the list.
k :>
k :>Solutions:
k :>
k :> None. (how do you expect to stop a tidal wave of suicidal VC money?)
k :>
k :>Workarounds:
k :>
k :>1) All advisories should be filtered through RMS, which would achieve
k :> the desired effect of delaying their posting indefinitely.
k :>2) All such advisories should be prefixed by '[YASLB]' in the subject line
k :> (yet another stupid linux bug) so I can filter this stupid crap.
k :>
k :>thanks,
k :>everyone
k :>
k :>
k :>bugzilla@...hat.com (bugzilla@...hat.com) wrote:
k :>> -----BEGIN PGP SIGNED MESSAGE-----
k :>> Hash: SHA1
-------------------------------------------------------------
Nigel Houghton Security Research Engineer Sourcefire Inc.
Vulnerability Research Team
"Mankind hasn't even got the technology to create a toupee
that doesn't get big laughs." -- Lister
Message dated: Sep 17