Subject: Re: Dante; what exactly are security mechanisms of pkgsrc?
To: Ing.,BcA. Ivan Dolezal <firstname.lastname@example.org>
From: Alistair Crooks <email@example.com>
Date: 07/12/2002 17:01:49
On Fri, Jul 12, 2002 at 04:16:48PM +0200, Ing.,BcA. Ivan Dolezal wrote:
> But my question was different: what mechanism is behind gathering
> information for "vulnerabilities" text file? How many people care of it?
> On what basis? Are they paid by NetBSD Foundation? Or Wassabi Systems?
> Or is it just a chaotic mess?
A number of people scan a number of security mailing lists, and
inform a NetBSD developer, or take steps themselves, whenever a
vulnerability is made known.
I don't believe anyone is paid by the NetBSD Foundation.
I scan a number of mailing lists, and have updated the vulnerabilities
file, and I am employed by Wasabi Systems, but it's not my principal
job function. In fact, it's not part of my job at all.
I also dislike your calling it a "chaotic mess".
I don't know what you're used to, but, to me, there is absolutely
no chaos or mess in being informed automatically that some software
you have installed on a number of machines is vulnerable to exploits.