Hi, I would like to see more security announcements by SuSE. There is usually sooner or later an update on the FTP server and then a couple of days later there is an announcement. There is for instance this file: --------------------------------------------- ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/modules-2.3.11-73.i386_en.info Description: Security bug fixed Date: Fri 10 Nov 2000 05:36:25 PM CET --------------------------------------------- What I would like to see is a) A quick announcement if a program shipped with SuSE is vulnerable and how this can be fixed as a workaround: remove suid bit, deinstall program etc. I rare see this happen (execept: "Not vulnerable") b) The fix itself. This usually happens -- sometimes very quick, but sometimes it takes rather long. If I compare it with FreeBSD, SuSE releases only very few announcements; I'd really see more announcements since this would save me the time to read Bugtraq ;-) (FreeBSD had e.g. recently "TOP", first announcement: remove suid bit, second announcement: fix is ready for cooking. Depending on the environment one *can* choose whether waiting for a fix or applying the workaround is the better solution.) By the way, what is with: - Bind - Pine (someone at SuSE is testing this infamous WU program, say Roman) - top ? - getnameinfo denial-of-service ? - dump ? - xfce ? - tcpdump I'm sure that there might be some messages which I overlooked (e.g. SuSE not-vulnerable or not listed above). Tobias PS: Compared with the situation a year ago, security issues are now on a higher agenda of SuSE, but you always want to have a little bit more ;-) -- This above all: To thine own self be true / And it must follow as the night the day / Thou canst not then be false to any man