[nycbug-talk] Security alerts to the list, good idea or waste of time?

Scott Robbins scottro
Sun Nov 21 17:32:33 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As most if not all of you know, there was a recent vulnerablity in the
fetch program, announced the 18th.  I had a completely hectic day that
day, and didn't check some of the sites I usually check, therefore, I
didn't know about this vulnerabilty till the next day.

In this case, no production boxes were fetching anything, but of course,
they could have been for whatever reason.

I wonder if you folks think it's a good idea that vulnerabilities get
posted to this list, perhaps with security alert in the subject line.  I
don't always read each item in my nycbug mailbox, but such a subject
line would catch my attention.

So, what do you folks think?  Is this just filling up people's mailboxes
with something that we should all be checking ourselves, anyway, at
least in a perfect world?




- -- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Cordelia: I came over here to tell Buffy to stop this
craziness, and 
found you all unconscious--again. How many times have you been
knocked out, anyway? I swear, one of these times, you're going
to wake up in a coma.
Giles: Wake up in a...? Oh, never mind. We need to save Buffy from 
Hansel and Gretel.
Cordelia: Now, let's be clear. The brain damage happened before I hit
you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBoReB+lTVdes0Z9YRAs/zAKCdAclSyKTRZhwUVA4R3Y0Ef2TiUwCeKEam
LhGp2hv+amBW3VdI5kaLaYw=
=S41N
-----END PGP SIGNATURE-----




More information about the talk mailing list