Security mailing list

David Collier-Brown dave at lethe.UUCP
Sat Nov 19 13:02:08 AEST 1988


>>In article <17841 at glacier.STANFORD.EDU> jbn at glacier.UUCP (John B. Nagle) writes:
>>>I suggest that the security mailing list be posted to a newsgroup,
>>>but with a 60-day delay.
> 
>From article <386 at tron.UUCP>, by moran at tron.UUCP (Harvey R Moran):>     
> I wonder how many more people out there believe that sites without
> access to the security mailing list (or possibly even USENET) should
> have their risks increased pretty significantly?  How about us binary
> liscense sites?
>

 Well, consider two points:

	1) If you're not one the net, and preferably don't support
async communications, your insecurity to communications-related
attacks is not significantly affected.
	2) Binary sites get patches too: my sun comes with patches
printed on paper, for me to apply the hard way.

  The suggestion of a 60-day timeout is by no means a cure-all. It
is a heuristic to improve the general case while minimizing impact
upon other cases.

--dave



More information about the Comp.unix.wizards mailing list