RE: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Matt Collins [mailto:matt () clues com] 
> Sent: Wednesday, September 17, 2003 4:21 AM
> To: kernelclue () hushmail com
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Re: [RHSA-2003:279-01] Updated 
> OpenSSH packages fix potential vulnerability
>
> I tend to agree - if you want redhat patches subscribe to 
> their security mailing list. If redhat find a new bug, they of course 
> should post it to bugtraq, full disclosure, or their 
> communications medium 
> of choice.
Now we're back to the same silly discussion we have every time list
traffic goes up.  Filter, fer cryin' out loud, and be done with it.
Utility of a list is entirely a beast of your own creation.  The list is
a useful or useless as you make it, by the way that you use it.

Just think how much fun it is for someone who has to be concerned about
*numerous* systems to have to subscribe to *every* security annoucement
list for *every* vendor rather than simply getting all the messages on
one list - this one.  Every coin has two sides.

The thing that surprises me about *this* argument is that the very
people who ought to be the most competent at appropriate filtering are
the very ones complaining about "list flood" from "Linux" vendors (never
mind the fact that this one affects damn near every platform in the
world, including Mac OS X and Windows.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html