Security mailing list
David Collier-Brown
dave at lethe.UUCP
Sat Nov 19 13:02:08 AEST 1988
>>In article <17841 at glacier.STANFORD.EDU> jbn at glacier.UUCP (John B. Nagle) writes:
>>>I suggest that the security mailing list be posted to a newsgroup,
>>>but with a 60-day delay.
>
>From article <386 at tron.UUCP>, by moran at tron.UUCP (Harvey R Moran):>
> I wonder how many more people out there believe that sites without
> access to the security mailing list (or possibly even USENET) should
> have their risks increased pretty significantly? How about us binary
> liscense sites?
>
Well, consider two points:
1) If you're not one the net, and preferably don't support
async communications, your insecurity to communications-related
attacks is not significantly affected.
2) Binary sites get patches too: my sun comes with patches
printed on paper, for me to apply the hard way.
The suggestion of a 60-day timeout is by no means a cure-all. It
is a heuristic to improve the general case while minimizing impact
upon other cases.
--dave
More information about the Comp.unix.wizards
mailing list