[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lack of security announcements (was Re: OpenBSD on BUGTRAQ again)



Saad Kadhi said:
>I agree with you. I am also a converted Linux user (though the reasons that
>made me *believe* are different) and I do believe that receiving an email alert
>of some sort to say that security patch X is out is a waste of time &
>bandwidth. I have already too much messages to stroll through during the day.
>But I always find a few minutes per week at least to check
>http://www.openbsd.org/errata27.html.

Well, I'm not a Believer[tm], just a sysadmin who uses OpenBSD and
likes it a lot, and I potentially have a lot to lose if I just
happen to screw up and forget to check http://www.openbsd.org/errata27.html.

But please allow me to point out that having a quick note to the
security-announce mailing list, or to a hypothetical list called
errata-change-announce or whatever, need not mean that you are
afflicted by that overwhelming burden of two or three email messages
a month.  You don't have to subscribe.

However, since I've been asking for a quick note to security-announce
when something is put on the errata page for months, and it's been 
repeatedly greeted with silence or sarcasm, I've given up and started
running a local script to compare the errata page daily and send me mail
if it has changed.  (I was lazy enough to grab and modify Rob Bringman's
script -- thanks, Rob)

I would be happy to send that output to security-announce instead.  I
have a serious problem with OpenBSD having a security-announce list
at all if it is going to give subscribers a false sense of security.
It should either not exist or should provide this information.

Jill Lundquist		                           jill_(_at_)_chezns_(_dot_)_org
"The first butcher I saw as a child had a wooden leg, and to this
 day I have an unreasonable feeling that butchers with two genuine
 legs are impostors."            -Robertson Davies