Martin SchrC6der wrote:
Why do you maintain stable by issuing security patches for it if you
don't care if anybody installs them (by not telling them about the
patches through one of the designated channels)? Don't you want
people installing them?
Is it so hard to write a mail to the list
On Sun, Nov 30, 2008 at 10:23:56AM -0800, new_guy wrote:
Martin SchrC6der wrote:
Why do you maintain stable by issuing security patches for it if you
don't care if anybody installs them (by not telling them about the
patches through one of the designated channels)? Don't you want
* Martin Schrvder [EMAIL PROTECTED] [2008-11-13 10:02]:
Is it so hard to write a mail to the list once every few months? The
content is already there...
I have written security announcements before. It ia way more work and
way more involved than you think. it sucks. not sure wether I'll do it
Hi,
On Thu, 13.11.2008 at 08:55:04 -0500, Ted Unangst [EMAIL PROTECTED] wrote:
So get on the developer's case when they don't send out notifications.
All this chatter now isn't going to change anything when the next
errata comes out. You want security announcement? Do something to
make it
On Sat, Nov 15, 2008 at 11:21:22AM +0100, Toni Mueller wrote:
Hi,
On Thu, 13.11.2008 at 08:55:04 -0500, Ted Unangst [EMAIL PROTECTED] wrote:
So get on the developer's case when they don't send out notifications.
All this chatter now isn't going to change anything when the next
errata
On Sat, Nov 15, 2008 at 5:21 AM, Toni Mueller [EMAIL PROTECTED] wrote:
I can imagine having a script, somehow tied into the CVS commit hook,
that would scan the commit message for security or reliability or
so, and automatically send out mails to this list, but would you use it
if I'd write it
Martin Schrvder [EMAIL PROTECTED] writes:
Do not let serious problems sit unsolved.
It's not a serious problem for us.
//art
-Original Message-
From: Theo de Raadt [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2008 1:29 PM
To: Ted Unangst
Cc: Thomas Pfaff; misc@openbsd.org
Subject: Re: Missing security announcements
Of course, this is how things always work on misc. There's the
developers do
On Thu, 13 Nov 2008 09:29:09 -0700, Theo de Raadt
[EMAIL PROTECTED] said:
someone should take the task to send a
mail via it once something arrives on the errata page.
It is really easy to use that word should when it isn't you.
and some of us don't really consider the 'errata' to be
On Thu, Nov 13, 2008 at 11:50 AM, Thomas Pfaff [EMAIL PROTECTED] wrote:
Apparently not, so just remove the damn thing and avoid confusion.
Thanks, but we've decided to keep the list so we won't need the patch.
Here:
Index: mail.html
2008/11/13 Theo de Raadt [EMAIL PROTECTED]:
I think that would work better. I am not here saying this because
I have answers. I don't. I think that people running old software
quite frankly cannot rely on a mailing list run by people who don't
run -stable. So how can any of you hope we
I too have of course subscribed myself to the list, and i think since
its there, it should work and be updated regularly. If we don't need
such a list, then lets delete it. But since its there, and people are
subscribing to it in hope to get a quick mail notifying them of new
patches or other
additionally, i care very about about those patches, and apply each and
everyone where needed every time.
Martin Schrvder wrote:
2008/11/13 Theo de Raadt [EMAIL PROTECTED]:
I think that would work better. I am not here saying this because
I have answers. I don't. I think that people
On Thu, Nov 13, 2008 at 5:59 AM, David Schulz [EMAIL PROTECTED] wrote:
I too have of course subscribed myself to the list, and i think since its
there, it should work and be updated regularly. If we don't need such a
list, then lets delete it. But since its there, and people are subscribing
to
Ted,
everybody knows that's not going to happen. Why no scrap the security
announcement list if it's not being used or just whenever someone feels like
it? The mere existence of this list implies to users that new errata are
being announced to that list which is not the case. Get rid of the list
On Thu, Nov 13, 2008 at 9:12 AM, Tobias Weisserth
[EMAIL PROTECTED] wrote:
everybody knows that's not going to happen. Why no scrap the security
announcement list if it's not being used or just whenever someone feels like
it? The mere existence of this list implies to users that new errata are
All this chatter now isn't going to change anything when the next
errata comes out. You want security announcement? Do something to
make it happen!
Ted,
everybody knows that's not going to happen.
I remember having asked the same question YEARS AGO and
nothing has changed since then.
there is also the errata rss feed from undeadly
If anyone cares enough, someone could write a perl/ksh/whatever script
that can mail updates to that list. Apparently nobody cares and the
list is useless ATM, so IMHO it should be deleted.
--
Aram Havarneanu
Janne,
On Thu, Nov 13, 2008 at 4:14 PM, Janne Johansson [EMAIL PROTECTED] wrote:
everybody knows that's not going to happen.
I remember having asked the same question YEARS AGO and
nothing has changed since then.
Reading those two next to eachother says everything.
Why ain't you a bit
On 13 Nov 2008, at 15:56, Tobias Weisserth wrote:
Janne,
On Thu, Nov 13, 2008 at 4:14 PM, Janne Johansson [EMAIL PROTECTED] wrote:
everybody knows that's not going to happen.
I remember having asked the same question YEARS AGO and
nothing has changed since then.
Reading those two next to
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Janne Johansson
Sent: Thursday, November 13, 2008 10:14 AM
To: Misc OpenBSD
Subject: Re: Missing security announcements
why not just get it yourself if you're worried about it? just fire a crontab
entry
someone should take the task to send a
mail via it once something arrives on the errata page.
It is really easy to use that word should when it isn't you.
On Thu, 13 Nov 2008 11:22:09 -0500
Morris, Roy [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Janne Johansson
Sent: Thursday, November 13, 2008 10:14 AM
To: Misc OpenBSD
Subject: Re: Missing security announcements
why
As someone new to OpenBSD and UNIX in general (reading a lot and trying
to learn) I signed up for the security list due to the description of
the list thinking I would be covered if something serious were to come
up. I only check errata about every week or so and as of right now I'm
not even sure
To everyone who wants security-announce to work:
On Thu, 13 Nov 2008 09:29:09 -0700
Theo de Raadt [EMAIL PROTECTED] wrote:
someone should take the task to send a mail via it once something
arrives on the errata page.
It is really easy to use that word should when it isn't you.
I'll do
just fire a crontab entry and move on
actually, that's a great idea, I just scheduled the following script
this mails the diff of errata.html, but only if something changed
#!/bin/sh
rel=44 # OpenBSD version
ftp http://www.openbsd.org/errata$rel.html /dev/null 21
if [ $? != 0 ]; then
echo
On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu [EMAIL PROTECTED] wrote:
Is security-announce an open list? If not, give me access and I'll
keep it reasonably up to date, give or take a day or so of release of
the Security Errata on the website, unless there is an even faster way
of checking
Ted == Ted Unangst [EMAIL PROTECTED] writes:
Ted What you can do is monitor the list. If an erratum comes out and
Ted nothing happens for a day, email the person responsible and remind
Ted them. The person responsible is not necessarily the person who
Ted happened to commit to stable, though,
On Thu, 13 Nov 2008 12:55:36 -0500
Ted Unangst [EMAIL PROTECTED] wrote:
[...] There's no announcements on the list because probably
half the developers don't know they are supposed to make such
announcements.
Excuse my ignorance, but who keeps http://openbsd.org/errata44.html
updated, then?
On Thu, Nov 13, 2008 at 1:38 PM, Randal L. Schwartz
[EMAIL PROTECTED] wrote:
Who handles the errata page, assigning the sequential numbers and deciding
whether it's a security fix or not? Surely, it would be easier to teach that
small set of people (one?) to cc the mailing list on a security
On Thu, Nov 13, 2008 at 11:19:45AM -0600, Brian Drain wrote:
So I am curious, what IS the best way to stay up to date? Is manually
checking the errata page every day really correct (seems like there
would be an automated solutuion such as the lynx dump aforementioned)?
It seems to me that
On Thu, Nov 13, 2008 at 1:55 PM, Thomas Pfaff [EMAIL PROTECTED] wrote:
On Thu, 13 Nov 2008 12:55:36 -0500
Ted Unangst [EMAIL PROTECTED] wrote:
[...] There's no announcements on the list because probably
half the developers don't know they are supposed to make such
announcements.
Excuse my
Of course, this is how things always work on misc. There's the
developers do it option and the community does it option. The
community is full of ideas about the first option, and full of shit
when it comes to the second.
That is exactly what happens.
Now what happens next?
You guys out
On Thu, 13 Nov 2008 14:12:21 -0500
Ted Unangst [EMAIL PROTECTED] wrote:
On Thu, Nov 13, 2008 at 1:55 PM, Thomas Pfaff [EMAIL PROTECTED] wrote:
On Thu, 13 Nov 2008 12:55:36 -0500
Ted Unangst [EMAIL PROTECTED] wrote:
[...] There's no announcements on the list because probably
half the
On Thu, 13 Nov 2008 12:55:36 -0500
Ted Unangst [EMAIL PROTECTED] wrote:
On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu [EMAIL PROTECTED] wrote:
Is security-announce an open list? If not, give me access and I'll
keep it reasonably up to date, give or take a day or so of release of
the
On Thu, 13 Nov 2008 10:38:06 -0800
[EMAIL PROTECTED] (Randal L. Schwartz) wrote:
Surely, it would be easier to teach that small set of people (one?)
to cc the mailing list on a security announcement, rather than
expect that everyone with a core commit bit be reminded to watch
errata to notice
2008/11/13 Theo de Raadt [EMAIL PROTECTED]:
You guys out there on misc have more ideas that we can ignore?
quote src=http://www.openbsd.org/goals.html;
Do not let serious problems sit unsolved.
/quote
Best
Martin
On Thu, Nov 13, 2008 at 12:55:36PM -0500, Ted Unangst wrote:
On Thu, Nov 13, 2008 at 12:35 PM, Aaron W. Hsu [EMAIL PROTECTED] wrote:
Is security-announce an open list? If not, give me access and I'll
keep it reasonably up to date, give or take a day or so of release of
the Security Errata
On 12 Nov 2008, at 17:57, Peer Janssen wrote:
Hi!
I subscribed to security-announce a long time ago and thought I
would receive information about security annoucements, but contrary
to what is stated on http://openbsd.org/mail.html:
security-announce - Security announcements. This low
On Thu, 13 Nov 2008, Simon Connah wrote:
On 12 Nov 2008, at 17:57, Peer Janssen wrote:
Hi!
I subscribed to security-announce a long time ago and thought I would
receive information about security annoucements, but contrary to what is
stated on http://openbsd.org/mail.html:
On Wed, Nov 12, 2008 at 06:57:19PM +0100, Peer Janssen wrote:
I subscribed to security-announce a long time ago and thought I would
receive information about security annoucements, but contrary to what
is stated on http://openbsd.org/mail.html:
security-announce - Security announcements.
On Wed, 12 Nov 2008 21:32:57 -0600
Emilio Perea [EMAIL PROTECTED] wrote:
I don't think it's a big deal
since there are other ways of getting the information.
Given that we usually sign up to a security-announce mailing list for
good reason, if the list isn't working as intended, or there is
I don't think it's a big deal
since there are other ways of getting the information.
Given that we usually sign up to a security-announce mailing list for
good reason, if the list isn't working as intended, or there is some
misunderstanding as to why the list exists, then I'd like to
On Wed, 12 Nov 2008 21:32:57 -0600, Emilio Perea wrote:
On Wed, Nov 12, 2008 at 06:57:19PM +0100, Peer Janssen wrote:
I subscribed to security-announce a long time ago and thought I would
receive information about security annoucements, but contrary to what
is stated on
On Wed, Nov 12, 2008 at 10:32 PM, Emilio Perea [EMAIL PROTECTED] wrote:
FWIW, I received the Welcome to the security-announce mailing list!
message on 9/4/2002 and nothing since. I don't think it's a big deal
since there are other ways of getting the information.
Maybe you mean 2008, because
On Wed, Nov 12, 2008 at 11:36:10PM -0500, Ted Unangst wrote:
On Wed, Nov 12, 2008 at 10:32 PM, Emilio Perea [EMAIL PROTECTED] wrote:
FWIW, I received the Welcome to the security-announce mailing list!
message on 9/4/2002 and nothing since. I don't think it's a big deal
since there are
On Wed, 12 Nov 2008 21:17:46 -0700
Theo de Raadt [EMAIL PROTECTED] wrote:
It does not work because noone who works on OpenBSD runs -stable.
Then every few months some of you come and yell at us.
Not yelling, honest; I was just curious.
So, basically, no one has the time or motivation to send
It does not work because noone who works on OpenBSD runs -stable.
Then every few months some of you come and yell at us.
Not yelling, honest; I was just curious.
So, basically, no one has the time or motivation to send out updates?
None of the developers are on the list.
Heck! More
48 matches
Mail list logo