[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)
|
From: |
dickey |
|
Subject: |
Re: lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) |
|
Date: |
Fri, 30 Oct 1998 05:09:16 -0500 (EST) |
>
> > It's only common courtesy to report these things to the developers before
> > a public list.
> >
>
> Lynx-dev is a public list.
>
> What many on lynx-dev may not realise is that what he is reporting are
> methods of taking control of the machine running Lynx from the web site.
> As such there is an argument that when you go public you hit as many
> people concerned with security as possible, otherwise there is a risk
> that the hackers hear the reports but the protectors don't.
>
> These are potentially serious security flaws, not just crashes in weird
> cases.
true - but not reporting it to the people who will do something about it
is unethical, not merely rude.
what we have here is a case of someone spreading rumors in a different
corner of the net - some of it is true, some of it not, and not all of
it has the connotation that he assigns to it. I'll use the reports, but
have little respect for the person who originated it.
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
- lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice), brian j. pardy, 1998/10/29
- Re: lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice), Nelson Henry Eric, 1998/10/29
- Re: lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice), dickey, 1998/10/29
- Re: lynx-dev Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice),
dickey <=