Full Disclosure mailing list archives
RE: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
From: "Brown, Rodrick" <rbrown () doitt nyc gov>
Date: Wed, 17 Sep 2003 07:31:24 -0400
I tend to agree with the author the vendor spamming is getting ridiclous 90% of there users dont even read securitylists, and its very redundant and silly to have 6 to 10 vendors spam mailinglists with patches to a exploited application we have been discussing for months. I dont see why most moderators dont ban emails like this, if your users want to be notified of new patches they should join security () vendor com ________________________________ From: full-disclosure-admin () lists netsys com on behalf of Matt Collins Sent: Wed 9/17/2003 5:20 AM To: kernelclue () hushmail com Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability On Tue, Sep 16, 2003 at 02:08:48PM -0700, kernelclue () hushmail com wrote:
OpenSSH runs on a number of platforms, Windows included. To say this reflects on GNU/Linux or any Linux distro is just nonsense.
He wasn't. He was suggesting the utility of bug-discussion lists is reduced by having the same bug reported multiple times by every vendor out there. It wasnt anything to do with the OpenSSH issue. I tend to agree - if you want redhat patches subscribe to their security mailing list. If redhat find a new bug, they of course should post it to bugtraq, full disclosure, or their communications medium of choice. It isnt particularly useful for a cross platform research/discussion list to be flooded with 7 software release announcements for the same bug, though. Even if there is an argument that a central clearing house for patch releases is a useful thing, splitting out 'initial notification' (this bug exists in funny_mail) from 'patch release' (vendors 1 2 3 4 ... 1000 have a patch for their packaged version of funny_mail!) makes both lists more readable and more useful. Such a gain in utility might even increase contribution; if instead of having to dedicate hours to 'eyeballing' out the repeated messages with no new information beyond a URL for download of a particular precompiled patch the list became more useful 'raw' information, it would become much easier to regularly partake of it. YMMV of course. Matt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability bugzilla (Sep 16)
- Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Dave Monk (Sep 16)
- <Possible follow-ups>
- [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability bugzilla (Sep 16)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability kernelclue (Sep 16)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Matt Collins (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Jedi/Sector One (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Nigel Houghton (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Matt Collins (Sep 17)
- RE: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Brown, Rodrick (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Len Rose (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Valdis . Kletnieks (Sep 17)
- Re: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Damian Gerow (Sep 17)
- RE: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Bojan Zdrnja (Sep 17)
- RE: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability Schmehl, Paul L (Sep 17)