Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] Security announcements
  • From: cogNiTioN <cognition@xxxxxxxxxxx>
  • Date: Tue, 7 Mar 2000 16:44:03 +0000 (GMT)
  • Message-id: <Pine.LNX.4.10.10003071624020.8739-100000@xxxxxxxxxxxxxxxxx>
On Tue, 7 Mar 2000, Christoph Wegener wrote:

> Hi,
> perhaps you should STOP this discussion now?!?
>
> ***This is a SECURITY mailing-list!***

Exactly.

This is a discussion that is VERY relevent to security. Presumably you're
on this list to be informed of security problems/fixes with your SuSE
installation? I believe that the fact security problems could be with held
from the public for upto a month, because it "seems fair" to the vendor is
relevent to all those on this list.

And to those people bashing SuSE, it isn't just them, I'm not sure to what
extent they do so, but I've spoken to a few people who post announcements
to BugTraq, and it appears that it is standard practice to leave the user
vunerable while the vendor is contacted.

I also think that this discussion is getting a bit stale. It seems that no
new ground is being covered.

What I am planning on doing is talking to a few other people (I've not
seen any SuSE representative post on this topic, but would be interested
if they could contact me off list), and as soon as I have the chance
writting up an article with my conclusions about what currently happens
and what changes (if any) I feel should be made.

Are there any objections if I take some quotes from posts here?

Thanks,

/cog


< Previous Next >
List Navigation
References