Path: utzoo!yunexus!geac!geaclib!lethe!dave
From: dave@lethe.UUCP (David Collier-Brown)
Newsgroups: comp.unix.wizards
Subject: Re: Security mailing list
Message-ID: <3432@geaclib.UUCP>
Date: 19 Nov 88 03:02:08 GMT
Article-I.D.: geaclib.3432
References: <386@tron.UUCP>
Sender: daveb@geaclib.UUCP
Reply-To: geaclib!lethe!dave
Organization: Interleaf Canada Inc. (News courtesy of Geac)
Lines: 25


>>In article <17841@glacier.STANFORD.EDU> jbn@glacier.UUCP (John B. Nagle) writes:
>>>I suggest that the security mailing list be posted to a newsgroup,
>>>but with a 60-day delay.
> 
From article <386@tron.UUCP>, by moran@tron.UUCP (Harvey R Moran):>     
> I wonder how many more people out there believe that sites without
> access to the security mailing list (or possibly even USENET) should
> have their risks increased pretty significantly?  How about us binary
> liscense sites?
>

 Well, consider two points:

	1) If you're not one the net, and preferably don't support
async communications, your insecurity to communications-related
attacks is not significantly affected.
	2) Binary sites get patches too: my sun comes with patches
printed on paper, for me to apply the hard way.

  The suggestion of a 60-day timeout is by no means a cure-all. It
is a heuristic to improve the general case while minimizing impact
upon other cases.

--dave