Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Fw: [suse-security] SuSE Security Announcement - make-3.77
Here's the way I see about new bugs, they've been there for who knows how
long, maybe since the beginning or since the last update/patch. That means
it could have been days, weeks or years that this bug has been there, why
does it matter if you don't know for a few more days, it's not like they
find it and all the sudden ALL the crackers know about it. So what if you
don't know for a few more days, it gives the author time to fix the bug, and
then post the new version/patch, so then inform you and all the crackers
that the bug exists. What if there is no workaround other than to take down
the entire box until the fix is available, then what, you're SOL? I'd rather
not know about it for a few days, have an update available, then be informed
so I know that it wasn't public knowledge so others could exploit me.



"He who fights with monsters should look to it that he himself does not
become a monster...when you gaze long into the abyss the abyss also gazes
into you." -Friedrich Nietzsche

"Push and you will find resistance, lead and you will find followers" -
Unknown Author


----- Original Message -----
From: "Petri Sirkkala." <petes@xxxxxxxxxxxxx>
To: "SuSE Security" <suse-security@xxxxxxxx>
Sent: Monday, February 28, 2000 6:33 AM
Subject: Re: [suse-security] SuSE Security Announcement - make-3.77


>
> On Mon, 28 Feb 2000, Fred Mobach wrote:
>
> > Thomas Michael Wanka wrote:
> >
> > > On 28 Feb 00, at 9:06, Andre Poenitz wrote:
> > >
> > > > That's simply not possible. So this approach is not feasible IMHO.
> > > > Full disclosure is sometimes problematic but works rather well in
> > > > general. I'd never trust anybody who is saying 'well, I know of a
> > > > problem of yours, but I won't tell you'.
> ...
>
> This is not the discussion I subscribe to this list for. Stop now or I
> ignore you for time being.
> -Pete
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>


< Previous Next >
List Navigation