Unix Technical Forum

Re: Messages to the security-announce

This is a discussion on Re: Messages to the security-announce within the mailing.openbsd.tech forums, part of the OpenBSD category; --> Surely folks are not suggesting that every patch is worthy of a posting to a security-announce mailing list? The ...


Go Back   Unix Technical Forum > Unix Operating Systems > OpenBSD > mailing.openbsd.tech

Re: Messages to the security-announce Re: Messages to the security-announce

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 02-18-2008, 07:44 AM
Daniel Boulet
 
Posts: n/a
Default Re: Messages to the security-announce
Surely folks are not suggesting that every patch is worthy of a posting to
a security-announce mailing list? The only notices that should go to such
a list are those which "announce" security-related patches (and, as
suggested earlier, it does take a bit more effort to both decide what
patches should get sent to a security-announce list and how said patches
should be described). Leaving it up to individual developers to decide and
to write the notices sounds like a good way to get admins to unsubscribe
from the list.

A security-announce list really should be edited by someONE. Doing it as a
committee is almost certainly doomed to failure.

Theo is at least half right - delete the list if it isn't going to be done
right. Alternatively, do it right.

-Danny

--On April 6, 2005 14:19 -0500 Chris Black <cblack@eragen.com> wrote:

> STeve Andre' wrote:
>
>> On Wednesday 06 April 2005 17:12, Chris Mika wrote:
>>
>>
>>> announce@ isn't for security announcements, it serves its own purpose.
>>> If you're suggesting that security announcements were sent out over that
>>> list, they weren't, check the archives.
>>>
>>> Again, OpenBSD seems to be proactive about security with everything
>>> except alerting admins to patches.
>>>
>>>
>>>
>> [snip]
>>
>> How much time does it take to visit the proper page each day, to check
>> for yourself? I do that nearly every day, along with looking at the
>> journal, press stuff and bug reports.
>>
>> If it were hard to look for updates, that would be one thing, but it
>> isn't. Just check a page and you'll know. This doesn't belong on tech,
>> either.
>>
>> --STeve Andre'
>>
>>
>>
> I think what the original poster (and many others, including myself)
> would like to see is a change to the procedure so that every time a patch
> goes into the patch branch and shows up in errata.html, an email message
> is sent out to security-announce. This seems reasonable to me and the
> only downside I see is the extra time it takes the developers to send out
> the email (which I would think would be short and similar to the amount
> of time updating errata.html). This can be compared with the
> time/traffic/effort of admins to check the errata page. But in the end it
> is up to the OpenBSD team to decide how to handle this.
>
> Chris

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« UVM - why no user process submaps? [OpenBSD/TECH] | Re: UVM - why no user process submaps? [OpenBSD/TECH] »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


All times are GMT. The time now is 10:03 PM.

Contact Us - Unix Technical Forums - Top

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0
www.UnixAdminTalk.com