Bugtraq mailing list archives

Re: OpenBSD remote root

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 20 Dec 2000 16:03:46 -0500

On Tue, 19 Dec 2000, Dan Harkless wrote:

This has been argued before, but many think that OpenBSD's policy of
not having a specific security announcement mailing list is rash and
is poor security policy.  It's great to say that someone should "check
the webpage more often", but obviously not everyone can watch it every
instant.


there is the list security-announce () openbsd org which works fine. its how
i first heard about the FPd problem. very low traffic.

i have said it before and i will say it again: you should be on every
security list your vendor puts out. nearly every vendor has one. some are
just busier than others.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

OpenBSD remote root Typo Princep (Dec 18)
- Re: OpenBSD remote root joshua stein (Dec 19)
- Re: OpenBSD remote root Emre (Dec 19)
  - Re: OpenBSD remote root Dan Harkless (Dec 20)
    - Re: OpenBSD remote root Jose Nazario (Dec 20)
    - Re: OpenBSD remote root Dan Harkless (Dec 21)
    - listing of vendor's security-announcement lists Matt Power (Dec 22)
  - Re: OpenBSD remote root David Damerell (Dec 20)
- <Possible follow-ups>
- Re: OpenBSD remote root Theo de Raadt (Dec 21)