Re: OpenBSD/Errata/BUGTraq et al.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBSD/Errata/BUGTraq et al.
- From: Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org>
- Date: Wed, 18 Oct 2000 13:06:38 -0700 (PDT)
On Wed, 18 Oct 2000 amanda_(_at_)_wineasy_(_dot_)_se wrote:
> On Wed, 18 Oct 2000, Toni Mueller wrote:
> > I didn't understand how this came up, and especially the connection
> > to Bugtraq, but want to throw my 2 cents in:
>
> It came up because some users (me included) thought that the OpenBSD core
> did not really care if mere mortals can keep their servers secure. You
> have to read about an OpenBSD exploit on Bugtraq or errata.html that the
> developers already knew about. The recommended action on errata is to
> patch and compile the source, which is non-trivial if you have never done
> it. When I (and Alex_(_at_)_zedz iirc) suggested that RedHat handles exploit
> warnings better (partly because they have lots more experience in that
> department ;-) then we just get laughed at.

I will put forth an analogy which is over the top, and rather silly,
but which I suspect reflects feelings (if not strict reality).

[Bad OSen]
"There's a big crack in this dam, water is pouring out, and huge chunks
of concrete are falling."
"Please upgrade to Dam 3.14159(tm), which addresses this problem."

[Better OSen]
"There's a hole in this dam, and water is leaking through."
"Take your finger and stick it in the hole."

[OpenBSD]
"This dam is vulnerable to an attack theorized by Scotty and confirmed
by Data[0]."
"Fixed 6 months ago, along with several other bugs. Here's a patch."

I don't think anyone was laughing at "RedHat has slicker security
bulletins with one-line fixes". I think they were laughing at "Maybe
I should switch to RedHat since they've got so much more experience
with security bulletins."

[0] Star Trek reference. So sue me.

+------------------------------------------------------------------------+
| Dave Taira <bodhi_(_at_)_hagakure_(_dot_)_org> 2000.10.18/13:06:38 PDT |
+------------------------------------------------------------------------+
| "One less mouth to feed is one less mouth to feed!" |
| --Most Holy, Pope Cerebus |
+------------------------------------------------------------------------+