Subject: Re: What to do about unfixed vulnerabilities?
To: Trevor Johnson <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 10/23/2000 15:03:48
In message <Pine.BSI.firstname.lastname@example.org>, Trevor John
>Hubert Feyrer wrote:
>> On Mon, 23 Oct 2000, Trevor Johnson wrote:
>> > I notice this in FreeBSD's ports/mail/pine4/Makefile,v:
>> That's nice. We're NetBSD. Pleased to meet you! :-)
>The remark pertains to the PINE distfile. If UW magically sends different
>sources when NetBSD users download PINE, then it makes sense that you
>dismiss the remark. Otherwise, it does not.
More to the point, the general thrust of the comment -- that any
program with that many uses of known-dangerous functions -- is unlikely
to be correct applies on any host.