Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!uakari.primate.wisc.edu!xanth!mcnc!decvax!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: sendmail/ftpd security-holes raise their ugly heads again...
Summary: security mailing-list
Message-ID: <32@minya.UUCP>
Date: 11 Oct 89 14:49:02 GMT
References: <21@minya.UUCP> <12661@orstcs.CS.ORST.EDU>
Organization: home
Lines: 25

> So -- now that the vendor has been told, the fix has been propogated and 
> everyone has had time to install it, it's time to tell the security
> mailing list about it.

Security mailing list?  What security mailing list?  I keep hearing rumors
about such a thing, but when I inquire, I'm told that they won't even tell
how to contact it, because I might be a malicious hacker intent on taking
advantage of such vital knowledge.  I suspect that this is a cover for the
fact that there isn't a real security mailing list.

I was in fact reinforced in this belief a couple of years back, when I did
get on a security mailing list for a while.  What a letdown.  I didn't read
a single article that told me something I didn't already know.  At least
half of the postings were concerning problems with setuid, from people who
clearly didn't understand the difference between setuid and setuid-root.

Is there a real security mailing list, that won't waste my time with such
silliness, and will actually teach me something?  Can I get on it?  Even
if I no longer have a job that requires a security clearance?  

-- 
#echo 'Opinions Copyright 1989 by John Chambers; for licensing information contact:'
echo '	John Chambers <{adelie,ima,mit-eddie}!minya!{jc,root}> (617/484-6393)'
echo ''
saying