Re: MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability

[Vincent Danen <vdanen () mandrakesoft com>]

On Jan 25, 2005, at 22:57, Rembrandt wrote:

> On Tue, 25 Jan 2005 21:51:01 -0700
> Mandrake Linux Security Team <security () linux-mandrake com> wrote:
>
> Dear Mandrake Linux Security Team,
> Why can't you spam another mailinglist?
> Or create an own for your PATCHES....
>
> It nerves to get more then one mail from you at month.
> How do you provide something?
> Codes? ProofOfConcep-Exploits?
> You just write "We fixed..."
> Or in other words "Hey guys there's something wrong with a package
> related to our OS."
>
> If MS would send every patch they wrote a mail to this mailinglist the
> list-owner would kickout MS for that.
> I don't know why it should be different for you or any other OS.

Hmmm... like many other vendors, we "spam" a number of mailing lists 
(FD, bugtraq (when they feel like putting new messages through), and 
our own security-announce list).  Do you rant at Gentoo, Debian, 
Ubuntu... (the list goes on) as well?

Anyways, you seem to be a moderately intelligent person so why don't 
you setup a filter in sylpheed to send all mail from 
security () linux-mandrake com to /dev/null?  Should be pretty 
straightforward.  That way you don't have to get "nerved" and the 
people who do appreciate the advisories can continue to receive them.

If the list owners asked us to stop, we would respectfully do it.  But, 
since you're asking, I think I'll just leave it up to you to figure out 
how to filter mail (it's a fairly amazing concept once you get it 
figured out).

--
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html