Full Disclosure mailing list archives
Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
From: Len Rose <len () netsys com>
Date: Wed, 17 Sep 2003 08:47:04 -0400
I disagree. We view this list as an information source, and we have encouraged everyone to send notices like these to the list. If you don't like it, please use a filter to nuke that entity's mail. Procmail is your friend!

Rodrick Brown said:
I tend to agree with the author, the vendor spamming is getting ridiculous. 90% of their users don't even read security lists, and it's very redundant and silly to have 6 to 10 vendors spam mailing lists with patches to an exploited application we have been discussing for months. I don't see why most moderators don't ban emails like this; if your users want to be notified of new patches they should join security () vendor com
[snip]

Matt Collins said:
I tend to agree - if you want Red Hat patches, subscribe to their security mailing list. If Red Hat find a new bug, they of course should post it to bugtraq, full disclosure, or their communications medium of choice. It isn't particularly useful for a cross platform research/discussion list to be flooded with 7 software release announcements for the same bug, though. Even if there is an argument that a central clearing house for patch releases is a useful thing, splitting out 'initial notification' (this bug exists in funny_mail) from 'patch release' (vendors 1 2 3 4 ... 1000 have a patch for their packaged version of funny_mail!) makes both lists more readable and more useful.
[snip]

If anything could ever be considered a single source for security information, we strive to be as close to reaching that (impossible) goal as we can achieve. If this means that we get security announcements from six vendors about fixing the same thing, we're very happy to see that information. We like to think it's another data point that can be used when facing daily security issues ranging from running a few systems at home to securing a large organization (one that just might have six different vendors' Linux implemented).

In fact, any vendor not currently sending security information to this list is encouraged and welcomed to do so. Full Disclosure is not only a discussion list, although that activity seems to dominate at times. It's very much an announcement list for researchers and vendors and we feel that functionality is invaluable to all.

Cheers,
Len

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html