Subject: Re: Security advisories
To: Ed Ravin <>
From: Brian A. Seklecki <>
List: tech-security
Date: 03/29/2006 01:00:24
On Tue, 2006-03-28 at 16:59, Ed Ravin wrote:
> On Mon, Mar 27, 2006 at 10:05:46AM +0100, Dave Tyson wrote:
> > [minor ranting]
> > 
> > Notwithstanding the discussion on this list a few days ago about the latest 
> > sendmail security alert, I am concerned that the project seems to be failing 

Yea even if the official security advisory isn't released, as soon as
these fixes are committed there should be some threads appearing on the

If the advisories are on delay due to the need for careful review and
testing, then how else can you accelerate the process then by starting

Ed/Dave: I just had the same thoughts about OpenBSD of all things.  You
know up until some very recent release, they were shipping a base
userland that bound sendmail to wildcard TCP/25, so...They omitted the
Sendmail patches from their front page "Daily Changelog", but
immediately made an Errata entry for 3.7 and 3.8.

...but very little discussion on the lists.

We don't have an "Errata" system, but I would except to see these fixes
listed in:

Of course, they don't do formal advisories either.  But I think the idea
here is that NetBSD is generally the best of both worlds >:}