[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability


On Jan 25, 2005, at 22:57, Rembrandt wrote:

On Tue, 25 Jan 2005 21:51:01 -0700
Mandrake Linux Security Team <security@xxxxxxxxxxxxxxxxxx> wrote:

Dear Mandrake Linux Security Team,
Why can't you spam another mailinglist?
Or create an own for your PATCHES....

It nerves to get more then one mail from you at month.
How do you provide something?
Codes? ProofOfConcep-Exploits?
You just write "We fixed..."
Or in other words "Hey guys there's something wrong with a package
related to our OS."

If MS would send every patch they wrote a mail to this mailinglist the
list-owner would kickout MS for that.
I don't know why it should be different for you or any other OS.

Hmmm... like many other vendors, we "spam" a number of mailing lists (FD, bugtraq (when they feel like putting new messages through), and our own security-announce list). Do you rant at Gentoo, Debian, Ubuntu... (the list goes on) as well?

Anyways, you seem to be a moderately intelligent person so why don't you setup a filter in sylpheed to send all mail from security@xxxxxxxxxxxxxxxxxx to /dev/null? Should be pretty straightforward. That way you don't have to get "nerved" and the people who do appreciate the advisories can continue to receive them.

If the list owners asked us to stop, we would respectfully do it. But, since you're asking, I think I'll just leave it up to you to figure out how to filter mail (it's a fairly amazing concept once you get it figured out).

--
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html