Security mailing list
John B. Nagle
jbn at glacier.STANFORD.EDU
Tue Nov 15 03:03:43 AEST 1988
I suggest that the security mailing list be posted to a newsgroup,
but with a 60-day delay. Sites and vendors serious about security will either
have fixed any problem by that time, or they probably aren't going to fix it
at all. This insures that a false sense of security is not engendered among
system administrators, yet allows a reasonable time for closing newly discovered
problems.
General knowledge of that 60-day timer will tend to accelerate efforts
by vendors to fix problems, I would suspect.
Why 60 days? A monthly update service would be enough to keep systems
operating with the latest security fixes. 30 days would require biweekly
updates to stay current, which is a bit frequent. Much longer than 60 days,
and the pressure would be off on fixing holes.
John Nagle
More information about the Comp.unix.wizards
mailing list