On Wed, Sep 17, 2003 at 10:20:43AM +0100, Matt Collins wrote:
> From: Matt Collins <[EMAIL PROTECTED]>
> It isn't particularly useful for a cross platform research/discussion list
> to be flooded with 7 software release announcements for the same bug,
> though.

It makes clear that these distros actually care about security.

If I am looking for a secure hardware router or an operating system, I'll first consider those that are tracking general security-related mailing-lists and that are posting their advisories there.

It is obvious that the OpenSSH vuln affects more hardware vendors than just Cisco. Or more OS/distros than those that posted here. But how to know if these other vendors actually fixed the flaw? Maybe the patches are only announced on a mailing-list that only already-existing customers can be aware of. People who have to make decisions won't spend time digging for those lists.

Various vendors posting to Bugtraq and FD are a good thing IMHO. It's just like replies to a broadcast icmp echo request. Vendors that keep answering with reasonable latency can be trusted. Vendors that only reply to their private network can't be fully trusted by other people. Vendors that don't answer can't be trusted at all.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
