Subject: Re: What to do about unfixed vulnerabilities?
To: Trevor Johnson <>
From: Steven M. Bellovin <>
List: tech-pkg
Date: 10/23/2000 15:03:48
In message <>, Trevor Johnson writes:
>Hubert Feyrer wrote:
>> On Mon, 23 Oct 2000, Trevor Johnson wrote:
>> > I notice this in FreeBSD's ports/mail/pine4/Makefile,v:
>> <deleted>
>> That's nice. We're NetBSD. Pleased to meet you! :-)
>The remark pertains to the PINE distfile.  If UW magically sends different
>sources when NetBSD users download PINE, then it makes sense that you
>dismiss the remark.  Otherwise, it does not.

More to the point, the general thrust of the comment -- that any
program with that many uses of known-dangerous functions is unlikely
to be correct -- applies on any host.

		--Steve Bellovin