List: openbsd-misc
Subject: Re: Security ad Reliability advisories
From: Gerardo Santana Gomez Garrido <santana () openbsd ! org ! mx>
Date: 2002-08-28 18:21:18
On Wed, Aug 28, 2002 at 10:48:21AM -0700, Ben Goren wrote:
> On Wed, Aug 28, 2002 at 12:24:54PM -0500, Gerardo Santana Gomez
> Garrido wrote:
>
> > On Wed, Aug 28, 2002 at 10:13:53AM -0700, Ben Goren wrote:
> >
> > > On Wed, Aug 28, 2002 at 12:04:26PM -0500, Gerardo Santana
> > > Gomez Garrido wrote:
> > >
> > > > There are some tools out there that retrieve the list of new
> > > > patches for OpenBSD by querying the FTP or HTTP servers at
> > > > least once a day, maybe more.
> > > >
> > > > This supposes significant traffic that can be avoided,
> > > > providing an appropriate announce service.
> > >
> > > It's called security-announce@openbsd.org. There's also
> > > announce@openbsd.org.
> >
> > Are you subscribed? I'm afraid not, or you would know what I am
> > talking about.
>
> Yes, I am subscribed. I get infrequent advisories that correspond
> with the infrequent vulnerabilities. Do you get something
> different?
Did you receive all the advisories for OpenBSD 3.1?? I don't think so.
There are currently 14 advisories for OpenBSD 3.1 and most of them
are missed.
>
> > I mean *appropriate announce service*, not crap. Verify your
> > sources before posting.
>
> Define ``appropriate.'' I find it perfectly appropriate, but it
> would seem you do not. What I get is definitely not crap. Perhaps
> you could provide an example of some crap that came from
> security-announce?

With appropriate I mean an efficient system for delivering *all*
advisories, in the same message format, so that they can be processed later.
Anything less than this is crap.

> I also haven't heard any complaints from anybody who maintains any
> of the FTP or HTTP mirrors about excessive traffic generated by
> cron jobs. If it's just a matter of fetching /errata.html, that's
> barely even a blip that'll register on a server that offers over
> five gigabytes of files just for the latest release. Are *you*
> having DOS problems related to other people pounding the servers
> for updates? If so, that's something else to address. But, if it's
> not a problem, what's the problem?

It is certainly not *excessive* traffic, but we have two situations here:

a) unnecessary traffic, mainly because of
b) a deficient security-announce list

That's the problem. We can make things better than this, can't we?

--
Gerardo Santana Gómez Garrido
http://www.openbsd.org.mx/~santana/
OpenBSD México