On Sat, 17 Mar 2007, Karel Kulhavy wrote:
What about Charlie Root testing something remotely through cron and then
Ok, I'll bite. This is not hard. Here's something I did real quick.
Use at your own risk. Replace XXX with your closest ftp mirror from
http://www.openbsd.org/ftp.html. Read
On 18/03/2007, at 4:25 PM, Shawn K. Quinn wrote:
On Sat, 2007-03-17 at 19:08 +0100, Karel Kulhavy wrote:
I also suggest that the list include the cumulative amount
for each donor, sorted so that the biggest donors are at the
top.
To me, this makes about as much sense as publishing a similar l
On Sat, 2007-03-17 at 19:08 +0100, Karel Kulhavy wrote:
> I also suggest that the list include the cumulative amount
> for each donor, sorted so that the biggest donors are at the
> top.
To me, this makes about as much sense as publishing a similar list for
penis size (and whatever its female equi
Travers Buda wrote:
* Karel Kulhavy <[EMAIL PROTECTED]> [2007-03-17 19:47:00]:
It would be better if OpenBSD could be maintained secure even without a skilled
security professional.
Today's trend is that things are accommodated to ordinary people. You don't need
a driver anymore to professio
* Karel Kulhavy <[EMAIL PROTECTED]> [2007-03-17 19:47:00]:
> It would be better if OpenBSD could be maintained secure even without a
> skilled
> security professional.
>
> Today's trend is that things are accommodated to ordinary people. You don't
> need
> a driver anymore to professionally driv
On Sat, Mar 17, 2007 at 08:43:57PM +, Deanna Phillips wrote:
> Ray Percival writes:
>
> > No. Everybody with a clue knows that there are two sources for
> > good data. The errata page and source-changes.
>
> I'd like to add undeadly's RSS here, since I don't think anyone
> has mentioned it yet
On Mar 17, 2007, at 1:00 PM, Karel Kulhavy wrote:
On Sat, Mar 17, 2007 at 11:43:47AM +1100, fonkprop wrote:
Yet again, we see that although Theo is willing to beg, wheedle
and threaten
his user community into sending him money when he needs it, h
Ray Percival writes:
> No. Everybody with a clue knows that there are two sources for
> good data. The errata page and source-changes.
I'd like to add undeadly's RSS here, since I don't think anyone
has mentioned it yet. There are two RSS feeds that would have
alerted people to this: one for stor
> I get a kick out of people who are too slack to spend the two hours
> of reading and twenty minutes of unattended execution time it takes
> to CVS or patch a kernel and compile it.
Some of these people clearly think they are entitled.
But they are not entitled. Nothing entitles them to anythin
christ.
buddha.
the thread that would not die.
i invoke godwins law in a (probably ) unsuccessful attempt to end the
insanity:
nazi nazi holocaust, nazi.
On Mar 17, 2007, at 12:09 PM, Karel Kulhavy wrote:
On Sat, Mar 17, 2007 at 11:43:47AM +1100, fonkprop wrote:
> Yet again, we see that although Theo is willing to beg, wheedle and threaten
> his user community into sending him money when he needs it, he holds them in
> too much contempt to respond to simple, uncontroversial and valid criticism.
>
>
On Fri, 16 Mar 2007, Darren Spruell wrote:
> On 3/16/07, Martin Schröder <[EMAIL PROTECTED]> wrote:
> [snip blah blah blah...]
>
> I want
> everyone trying to make that point to think of all the software
> vendors they deal with, inclu
>> > Free Software: "You don't pay back, you pay forward."
>> > -- Robert A. Heinlein
>>
>> I was trying to decide if I should reply, and if so, how.
>>
>> I looked for your name on the donations list. I don't see it.
>
>Out of curiosity, when I bought several t-shirts at the
On Mar 17, 2007, at 11:50 AM, Karel Kulhavy wrote:
On Fri, Mar 16, 2007 at 05:53:10AM +, Karl O. Pinc wrote:
On 03/15/2007 11:55:44 PM, Kian Mohageri wrote:
Security isn't about receiving notifications to your Inbox in a
timely
fashion. It is about being proactive yourself. You should
On Fri, Mar 16, 2007 at 01:49:52AM -0500, Travers Buda wrote:
> * tony sarendal <[EMAIL PROTECTED]> [2007-03-16 06:03:49]:
>
> > http://www.openbsd.org/mail.html
> > ---
> > *security-announce* Security announcements. This low volume list receives
> > OpenBSD security advisories and pointers to se
On Fri, Mar 16, 2007 at 05:53:10AM +, Karl O. Pinc wrote:
> On 03/15/2007 11:55:44 PM, Kian Mohageri wrote:
>
> >Security isn't about receiving notifications to your Inbox in a timely
> >fashion. It is about being proactive yourself. You should be the one
> >taking measures to secure your sy
Hi Karel,
> Out of curiosity, when I bought several t-shirts at the kd85 shop in
> Belgium, does actually a part of it go to the donations list and do I
> pop there up with few dollars?
No. You make it on the donations list when you make a donation.
As to your suggestions: don't expect them to b
> I also suggest that the list include the cumulative amount for each donor,
> sorted so that the biggest donors are at the top.
A few of us could get started with maintaining such data, but we'd
get less other done. Besides all the development discussions and such
I am still falling behind by abo
On Thu, Mar 15, 2007 at 11:49:19PM -0600, Jacob Yocom-Piatt wrote:
> Karl O. Pinc wrote:
> > On 03/15/2007 11:29:22 PM, Theo de Raadt wrote:
> >
> >> I looked for your name on the donations list. I don't see it.
> >
> > I only buy CDs and stuff occasionally, and generally
> > invest time in what I
--> Bram, your gtodo is mentioned.
On Fri, Mar 16, 2007 at 01:40:57AM -0400, Daniel Ouellet wrote:
> Karl O. Pinc wrote:
> >On 03/15/2007 11:29:22 PM, Theo de Raadt wrote:
> >
> >>I looked for your name on the donations list. I don't see it.
> >
> >I only buy CDs and stuff occasionally, and gener
On Fri, Mar 16, 2007 at 04:31:32AM +, Karl O. Pinc wrote:
> On 03/15/2007 10:48:49 PM, Ray Percival wrote:
> >On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
>
> >>I rely on having a clear channel for security related
> >>problems.
>
> >The only communication problem here is that you don't l
On Fri, Mar 16, 2007 at 04:23:00AM +, Karl O. Pinc wrote:
> No, but if security errata announcements aren't delivered
> in a fashion that delivers them to a human then they
> do no good. I should not be expected to peruse the
> misc@openbsd.org list to find errata announcements.
> OpenBSD says
On Thu, Mar 15, 2007 at 10:29:22PM -0600, Theo de Raadt wrote:
> > Free Software: "You don't pay back, you pay forward."
> > -- Robert A. Heinlein
>
> I was trying to decide if I should reply, and if so, how.
>
> I looked for your name on the donations list. I don't see it.
O
"Ray Percival"
...
> attention had patched and been happy for nearly a week. The logic
> behind the misc posting is so very obvious that to bitch about it is
> just finding something to complain about. I, of course, don't know
> the exact numbers but it seems pretty clear that misc has a much
> lar
Is it really that hard to cc to security-announce? Jeez...
2007/3/17, Ray Percival <[EMAIL PROTECTED]>:
On Mar 16, 2007, at 5:43 PM, fonkprop wrote:
> Yet again, we see that although Theo is willing to beg, wheedle and
> threaten
> his user community into sending him money when he needs it, he
On 16-Mar-07, at 9:57 PM, Ray Percival wrote:
On Mar 16, 2007, at 5:43 PM, fonkprop wrote:
Yet again, we see that although Theo is willing to beg, wheedle
and threaten
his user community into sending him money when he needs it, he
holds them in
too much contempt to respond to simple, uncont
On Mar 16, 2007, at 5:43 PM, fonkprop wrote:
Yet again, we see that although Theo is willing to beg, wheedle and
threaten
his user community into sending him money when he needs it, he
holds them in
too much contempt to respond to simple, uncontroversial and valid
criticism.
No. This is pur
Yet again, we see that although Theo is willing to beg, wheedle and threaten
his user community into sending him money when he needs it, he holds them in
too much contempt to respond to simple, uncontroversial and valid criticism.
On 3/16/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
> Let's se
On Fri, Mar 16, 2007 at 08:51:35PM +0100, Karel Kulhavy wrote:
[...]
> > It's actually really easy. Follow the first 2 steps in "man release".
>
> Unfortunately these instructions fail with not being clear if I should use
> OPENBSD_4_0_BASE or OPENBSD_4_0 in step 1. It doesn't say if I should pic
On Fri, Mar 16, 2007 at 10:20:00AM +, John Gould wrote:
> On Fri, 16 Mar 2007, Joachim Schipper wrote:
> >On Fri, Mar 16, 2007 at 09:54:16AM +0100, Karel Kulhavy wrote:
> >>On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
> >>> The OpenBSD team has released a "security fix"
> >>I
On 03/16/2007 02:51:35 PM, Karel Kulhavy wrote:
On Fri, Mar 16, 2007 at 01:26:39PM +, Karl O. Pinc wrote:
> It's actually really easy. Follow the first 2 steps in "man
release".
Unfortunately these instructions fail with not being clear if I should
use
OPENBSD_4_0_BASE or OPENBSD_4_0 in
Thanks very much for taking the time to respond.
On 03/16/2007 02:33:28 PM, Kian Mohageri wrote:
I'm not saying that you're unappreciative, just that it seemed that
way.
That is why when I write suggestions, I usually find something to
thank the
person for too, just so they don't feel unde
On 16-Mar-07, at 3:51 PM, Karel Kulhavy wrote:
On Fri, Mar 16, 2007 at 01:26:39PM +, Karl O. Pinc wrote:
It's actually really easy. Follow the first 2 steps in "man
release".
Unfortunately these instructions fail with not being clear if I
should use
OPENBSD_4_0_BASE or OPENBSD_4_0 i
On Fri, Mar 16, 2007 at 01:26:39PM +, Karl O. Pinc wrote:
>
> On 03/16/2007 03:54:16 AM, Karel Kulhavy wrote:
> >On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
> >> This means everyone should have our latest patches installed.
> >
> >[...]
> >
> >> *Solution/Vendor Information/
On 3/16/07, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
>
>
> On 03/16/2007 02:51:48 AM, Kian Mohageri wrote:
>
> > Yeah. Expectations aside, being condescending is never warranted.
>
> We've all spent more time on this than it's worth, but I would
> appreciate it if you'd point out any condescension
On 3/16/07, Martin Schröder <[EMAIL PROTECTED]> wrote:
[snip blah blah blah...]
After all the kvetching and sensationalism that's characterized both
this thread and the release of this errata, there's a few things I
wanted to point out. Theo's already put out the timeline and
circumstances around
On 3/16/07, Travers Buda <[EMAIL PROTECTED]> wrote:
* tony sarendal <[EMAIL PROTECTED]> [2007-03-16 08:15:18]:
> I don't see how your excuses apply here.
>
I can't help this =) : I noticed your quote about metaphysics. Well
it's metaphysically ridiculous to even expect excuses from people
who
Miod Vallat wrote:
PS Besides the aac stuff I noticed "marc-20070203". What is "marc"?
MARC is a top secret project only US government agencies and their
contractors know about.
The name stands for :
Moderately
Advanced
Rumours
Creator
and is being used as part of an evil conspiracy
On Fri, 16 Mar 2007, Miod Vallat wrote:
PS Besides the aac stuff I noticed "marc-20070203". What is "marc"?
MARC is a top secret project only US government agencies and their
contractors know about.
The name stands for :
Moderately
Advanced
Rumours
Creator
and is being used as part of an e
* tony sarendal <[EMAIL PROTECTED]> [2007-03-16 08:15:18]:
> I don't see how your excuses apply here.
>
I can't help this =) : I noticed your quote about metaphysics. Well
it's metaphysically ridiculous to even expect excuses from people
who owe you nothing.
> If Theo made a mistake by not sen
PS Besides the aac stuff I noticed "marc-20070203". What is "marc"?
MARC is a top secret project only US government agencies and their
contractors know about.
The name stands for :
Moderately
Advanced
Rumours
Creator
and is being used as part of an evil conspiracy to reduce the signa
On Mar 16, 2007, at 9:53 AM, Diana Eichert wrote:
On Fri, 16 Mar 2007, Jason Dixon wrote:
You're welcome to use my unsupported -stable kernel that I make
available for aac users. Please read the aac.README for more
details.
http://colo2.dixongroup.net/releases/unsupported/4.0-
stable-20
2007/3/16, Karl O. Pinc <[EMAIL PROTECTED]>:
On 03/16/2007 02:51:48 AM, Kian Mohageri wrote:
Expectations aside, being condescending is never warranted.
> Both
> Karl and Martin did just that.
I did not intend to be condescending and apologise if it
was taken that way.
Same here. It was a sta
On Fri, 16 Mar 2007, Jason Dixon wrote:
You're welcome to use my unsupported -stable kernel that I make available for
aac users. Please read the aac.README for more details.
http://colo2.dixongroup.net/releases/unsupported/4.0-stable-20070314/i386/
P.S. As Joachim mentions, you have to trus
On 03/16/2007 02:51:48 AM, Kian Mohageri wrote:
Expectations aside, being condescending is never warranted.
Both
Karl and Martin did just that.
I did not intend to be condescending and apologise if it
was taken that way.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay fo
On 16/03/07, Almir Karic <[EMAIL PROTECTED]> wrote:
is this a second remote hole in default install?
--
almir
http://www.openbsd.org/
On Mar 16, 2007, at 6:20 AM, John Gould wrote:
On Fri, 16 Mar 2007, Joachim Schipper wrote:
Is it possible to fix OpenBSD 4.0 system without compiling
anything, by e. g.
somehow rewriting the file that contains the kernel? I have never
compiled
OpenBSD, ports etc. and don't have time to stu
> This is idiotic, a big hole was found and the devs pissed about
> because they didn't want to admit it.
No one in OpenBSD is pissed off about this. We posted the bug fix as
soon as we became aware of the problem. The timeline goes like this:
1) We were told there was a mbuf crash, which could
is this a second remote hole in default install?
--
almir
On Fri, 16 Mar 2007 21:22:58 +1100
"Richard Thornton" <[EMAIL PROTECTED]> wrote:
> This is idiotic, a big hole was found and the devs pissed about
> because they didn't want to admit it.
Say what? Didn't want to admit it? In what alternative universe was
this?
> OBSD's strength is in being open,
On 2007/03/16 11:02, Alexander Hall wrote:
> I added "block quick inet6" to pf.conf.
> I obviously do not use IPv6.
IPv6 link-local (which doesn't need any configuration, it's enabled
by default) can be a useful backup to have in the event of accidentally
breaking IPv4 (missing 'alias' to ifconfig
On Fri, 16 Mar 2007, Joachim Schipper wrote:
On Fri, Mar 16, 2007 at 09:54:16AM +0100, Karel Kulhavy wrote:
On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
This means everyone should have our latest patches installed.
*Solution/Vendor Information/Workaround*
The OpenBSD tea
Hi
I have donated, my hard earned. I don't involve myself commercially
in OBSD but I listen.
This is idiotic, a big hole was found and the devs pissed about
because they didn't want to admit it.
OBSD's strength is in being open, be open.
Move on and end this.
Theo, chill out.
Cheers
Rich
Karel Kulhavy wrote:
On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
This means everyone should have our latest patches installed.
[...]
*Solution/Vendor Information/Workaround*
The OpenBSD team has released a "security fix" to correct the mbuf
problem, it is available as a
> Is it possible to fix OpenBSD 4.0 system without compiling anything,
> by e. g. somehow rewriting the file that contains the kernel?
Yes, if you have a copy of the kernel from someone you trust to
provide it.
> I have never compiled OpenBSD, ports etc.
No need to compile all of OpenBSD.
1. If
2007/3/16, Lars Hansson <[EMAIL PROTECTED]>:
OpenBSD project isn't exactly overflowing with personnel. But maybe
Karl and Martin are volunteering to maintain security-announce.
I'd be willing to do that (forward erratas to security-announce), but
let's not forget that OpenBSD is a dictatorship,
On Fri, Mar 16, 2007 at 09:54:16AM +0100, Karel Kulhavy wrote:
>
> Is it possible to fix OpenBSD 4.0 system without compiling anything, by e. g.
> somehow rewriting the file that contains the kernel? I have never compiled
> OpenBSD, ports etc. and don't have time to study all the theory around Ope
2007/3/16, Theo de Raadt <[EMAIL PROTECTED]>:
I don't know what to say. I am trying to get past the first
impression of you being a whining liar who quotes some fiction author.
Theo,
is flaming all you have to say in this thread?
Seriously: Do you think this bug was handled in the right way?
On Fri, Mar 16, 2007 at 09:54:16AM +0100, Karel Kulhavy wrote:
> On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
> > This means everyone should have our latest patches installed.
>
> > *Solution/Vendor Information/Workaround*
> >
> > The OpenBSD team has released a "security fix"
2007/3/16, Kian Mohageri <[EMAIL PROTECTED]>:
Yeah. Expectations aside, being condescending is never warranted. Both
Karl and Martin did just that. They could have asked if there was a reason
it wasn't sent to security-announce@ instead of misc@, rather than saying
"This is terrible handling o
On Wed, Mar 14, 2007 at 05:45:39PM +0100, Tom Van Looy wrote:
> What about: "Release Mode: FORCED RELEASE"?
> This is about the exploit, right? And not the advisory.
Why isn't anything written on the title page openbsd.org? Having a remote root
exec proof of concept is not enough to ask the users
On Fri, Mar 16, 2007 at 02:31:09AM +, Karl O. Pinc wrote:
> I agree. I'm very annoyed that I have to read about this
> problem on slashdot. The misc list is not the right place
> for this announcement, some low-traffic announce list that
> goes right into my inbox is where this stuff belongs.
On 3/16/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
> On Fri, 16 Mar 2007 18:03:02 +1100
> Sunnz <[EMAIL PROTECTED]> wrote:
>
> > If I tell you that I'll give you fries as they become available what
> > would you think I am saying?
>
> Unless it's your job to give them to me now and I have paid y
On Tue, Mar 13, 2007 at 04:46:26PM -0600, Theo de Raadt wrote:
> This means everyone should have our latest patches installed.
[...]
> *Solution/Vendor Information/Workaround*
>
> The OpenBSD team has released a "security fix" to correct the mbuf
> problem, it is available as a source code pat
"Karl O. Pinc" <[EMAIL PROTECTED]> writes:
> On 03/15/2007 11:04:49 PM, Jeremy Huiskamp wrote:
>
> > That's what I was going to say. If you did things properly,
> > you would have had this patch applied before you knew that it
> > was a remote hole.
>
> You have a valid point: any bug is a secu
On 16/03/07, Travers Buda <[EMAIL PROTECTED]> wrote:
>
> * tony sarendal <[EMAIL PROTECTED]> [2007-03-16 06:03:49]:
>
> > http://www.openbsd.org/mail.html
> > ---
> > *security-announce* Security announcements. This low volume list
> receives
> > OpenBSD security advisories and pointers to security
But if you see fries do become available wouldn't you ask me what happened?
Yes I may have no obligation to give you fries, but since I said I
will give you the fries when they become available, should I not
expect you to ask me what went wrong with my offering?
2007/3/16, Lars Hansson <[EMAIL
2007/3/16, Travers Buda <[EMAIL PROTECTED]>:
* tony sarendal <[EMAIL PROTECTED]> [2007-03-16 06:03:49]:
of ingratitude... because there is ingratitude. To add insult to
injury, people ask for more than what is freely offered. Example:
this thread.
Are people really asking for more than what
On Fri, 16 Mar 2007 18:03:02 +1100
Sunnz <[EMAIL PROTECTED]> wrote:
> If I tell you that I'll give you fries as they become available what
> would you think I am saying?
Unless it's your job to give them to me now and I have paid you to do
so I'd expect to get them whenever you have them and feel
It is not just an implication, that's exactly what it said:
"receives OpenBSD security advisories and pointers to security patches
as they become available."
If I tell you that I'll give you fries as they become available what
would you think I am saying?
It is really simple English and as ther
* tony sarendal <[EMAIL PROTECTED]> [2007-03-16 06:03:49]:
> http://www.openbsd.org/mail.html
> ---
> *security-announce* Security announcements. This low volume list receives
> OpenBSD security advisories and pointers to security patches as they become
> available.---Martin and Karl have valid po
On Fri, 16 Mar 2007 06:03:49 +
"tony sarendal" <[EMAIL PROTECTED]> wrote:
> http://www.openbsd.org/mail.html
> ---
> *security-announce* Security announcements. This low volume list receives
> OpenBSD security advisories and pointers to security patches as they become
> available.---Martin and
http://www.openbsd.org/mail.html
---
*security-announce* Security announcements. This low volume list receives
OpenBSD security advisories and pointers to security patches as they become
available.---Martin and Karl have valid points in their initial emails.
/Tony S
--
Tony Sarendal - [EMAIL PRO
I apologise to the list for responding to
the flames. I made my point and went beyond
into unproductiveness.
I'm sorry and I'll stop now.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
On 03/16/2007 12:40:57 AM, Daniel Ouellet wrote:
And what are the developers doing with their time? They give it to
you and you have the got to complain on top of it!
So next time I shouldn't post when I see a problem?
That'll help, not.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pa
* Karl O. Pinc <[EMAIL PROTECTED]> [2007-03-16 04:23:00]:
> No, but if security errata announcements aren't delivered
> in a fashion that delivers them to a human then they
> do no good. I should not be expected to peruse the
> misc@openbsd.org list to find errata announcements.
> OpenBSD says ann
On 03/15/2007 11:55:44 PM, Kian Mohageri wrote:
Security isn't about receiving notifications to your Inbox in a timely
fashion. It is about being proactive yourself. You should be the one
taking measures to secure your systems, and you should be the one
ACTIVELY
LOOKING for problems. Watching
Karl O. Pinc wrote:
> On 03/15/2007 11:29:22 PM, Theo de Raadt wrote:
>
>> I looked for your name on the donations list. I don't see it.
>
> I only buy CDs and stuff occasionally, and generally
> invest time in what I hope are productive ways.
>
like bitching about stuff that you, as a "security
On 03/16/2007 12:09:46 AM, Theo de Raadt wrote:
>> I looked for your name on the donations list. I don't see it.
>
>I only buy CDs and stuff occasionally, and generally
>invest time in what I hope are productive ways.
I think you bought one CD.
I think I've bought 4 over the last 5 years.
I w
Karl O. Pinc wrote:
On 03/15/2007 11:29:22 PM, Theo de Raadt wrote:
I looked for your name on the donations list. I don't see it.
I only buy CDs and stuff occasionally, and generally
invest time in what I hope are productive ways.
And what are the developers doing with their time? They giv
On Mar 16, 2007, at 1:09 AM, Theo de Raadt wrote:
I looked for your name on the donations list. I don't see it.
I only buy CDs and stuff occasionally, and generally
invest time in what I hope are productive ways.
I think you bought one CD.
Now you spout and whine. Is that a Robert Heinlei
>> I looked for your name on the donations list. I don't see it.
>
>I only buy CDs and stuff occasionally, and generally
>invest time in what I hope are productive ways.
I think you bought one CD.
Now you spout and whine. Is that a Robert Heinlein philosophy?
>How much do I need to donate to k
On 03/15/2007 11:29:22 PM, Theo de Raadt wrote:
I looked for your name on the donations list. I don't see it.
I only buy CDs and stuff occasionally, and generally
invest time in what I hope are productive ways.
How much do I need to donate to keep from having to
waste my time in unproductive
On 3/15/07, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
>
> On 03/15/2007 10:48:49 PM, Ray Percival wrote:
> > On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
>
> >> I rely on having a clear channel for security related
> >> problems.
>
> > The only communication problem here is that you don't look
>
On Mar 16, 2007, at 12:36 AM, Karl O. Pinc wrote:
You have a valid point: any bug is a security problem.
However, the topic is not my management practices and
the tradeoffs involved therein. The topic is the
efficacy of the security-announce list. If I knew
security-announce was broken I could
> You have a valid point: any bug is a security problem.
> However, the topic is not my management practices and
> the tradeoffs involved therein. The topic is the
> efficacy of the security-announce list. If I knew
> security-announce was broken I could write a screen-scraper
> to check the erra
On 3/15/07, Ray Percival <[EMAIL PROTECTED]> wrote:
You -do- know that this has been on the errata page since
Friday, right? Because as worried as you are and as important
as this is to you you take the responsibility to check said page
every day, of course. Oh wait. No you don't.
Or use the ma
On 03/15/2007 11:04:49 PM, Jeremy Huiskamp wrote:
That's what I was going to say. If you did things properly,
you would have had this patch applied before you knew that it
was a remote hole.
You have a valid point: any bug is a security problem.
However, the topic is not my management practic
On 03/15/2007 10:48:49 PM, Ray Percival wrote:
On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
I rely on having a clear channel for security related
problems.
The only communication problem here is that you don't look
at the information that the project puts out there for you.
The projec
> Free Software: "You don't pay back, you pay forward."
> -- Robert A. Heinlein
I was trying to decide if I should reply, and if so, how.
I looked for your name on the donations list. I don't see it.
But your quote makes it clear.
I don't know what to say. I am trying to ge
On 03/15/2007 10:24:31 PM, Tony Abernethy wrote:
Karl O. Pinc wrote:
>
> On 03/14/2007 09:13:19 AM, Martin Schröder wrote:
> > 2007/3/13, Theo de Raadt <[EMAIL PROTECTED]>:
> >> This means everyone should have our latest patches installed.
>
> > Just a reminder: security-announce exists for messa
Karl O. Pinc wrote:
>
> On 03/14/2007 09:13:19 AM, Martin Schröder wrote:
> > 2007/3/13, Theo de Raadt <[EMAIL PROTECTED]>:
> >> This means everyone should have our latest patches installed.
>
> > Just a reminder: security-announce exists for messages like
> this. Use
> > it or delete it.
> >
On 15-Mar-07, at 11:48 PM, Ray Percival wrote:
On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
I agree. I'm very annoyed that I have to read about this
problem on slashdot. The misc list is not the right place
for this announcement, some low-traffic announce list that
goes right into my inb
On Mar 15, 2007, at 7:31 PM, Karl O. Pinc wrote:
I agree. I'm very annoyed that I have to read about this
problem on slashdot. The misc list is not the right place
for this announcement, some low-traffic announce list that
goes right into my inbox is where this stuff belongs.
I rely on having
On 03/14/2007 09:13:19 AM, Martin Schröder wrote:
2007/3/13, Theo de Raadt <[EMAIL PROTECTED]>:
This means everyone should have our latest patches installed.
Just a reminder: security-announce exists for messages like this. Use
it or delete it.
While the bug is bad, the handling of it is eve
> What about: "Release Mode: FORCED RELEASE"?
> This is about the exploit, right? And not the advisory.
That means "a patch has already been made available, so the advisory
should match it, we release right away".
What about: "Release Mode: FORCED RELEASE"?
This is about the exploit, right? And not the advisory.
Theo de Raadt wrote:
> This means everyone should have our latest patches installed.
>
>
> Date: Tue, 13 Mar 2007 19:40:15 -0300
> From: CORE Security Technologies Advisories <[EMAIL PROTECTE
2007/3/13, Theo de Raadt <[EMAIL PROTECTED]>:
This means everyone should have our latest patches installed.
Uh. :-(
Just a reminder: security-announce exists for messages like this. Use
it or delete it.
While the bug is bad, the handling of it is even worse.
Best
Martin
Here's a quick one for 3.6 thru 3.8 for those of us who are still holding on
to stale goods and old baggage.
http://www.bogus.net/~torh/files/uipc_mbuf2.c.openbsd_3_6.patch
Obviously, we should all upgrade. Ahem.
Tor
This means everyone should have our latest patches installed.
Date: Tue, 13 Mar 2007 19:40:15 -0300
From: CORE Security Technologies Advisories <[EMAIL PROTECTED]>
Organization: CORE Security Technologies
MIME-Version: 1.0
To: Bugtraq , Vulnwatch <[EMAIL PROTECTED]>
Subject: CORE-2007-0219: O