[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ProgSoc] pine

To: progsoc@nospam.progsoc.uts.edu.au
Subject: Re: [ProgSoc] pine
From: Nicholas FitzRoy-Dale <wzdd@nospam.lardcave.net>
Date: Wed, 17 Apr 2002 14:26:44 +1000 (EST)
In-Reply-To: <1019015278.3cbcf06e65b9d@nospam.webmail.progsoc.uts.edu.au>
List-Archive: <http://www.progsoc.uts.edu.au/lists/progsoc/>
List-Id: <progsoc.progsoc.uts.edu.au>
Sender: owner-progsoc@nospam.progsoc.uts.EDU.AU

At 1:47pm on the 17th of April, John Elliot wrote:

> you want to run a security argument, it is a much more secure method of raising
> concerns since it was private (although i realise it was probably mostly a
> prank / free software rant). we now have a public notification
> (http://www.progsoc.uts.edu.au/lists/progsoc/current/msg00834.html) of a
> security hole in software run on our network, thx nick. - if you had real
> concerns you would have helped fix the problem _first_ then had ur whinge after.

That, apart from being the most supremely daft argument I've ever heard
(advocating security through obscurity puts you in the same camp,
security-wise, as Microsoft Corp.) highlights another point - I don't
believe that the current version of Pine is so much of a security risk that
I would not post to a public mailing list about it. Presumably nobody else
here believes that either, because Pine has not been removed from ftoomsh.

Actually, I pretty much agree with you that the "security /
maintainability" argument is a strawman. I'm mostly in agreement with
you when you write, "it was probably mostly a prank / free software rant".
Hence my calling the maturity of the admin into question. If an urgent
security vulnerability had been discovered, the correct thing to do from a
system administration perspective would be to remove the program, kill all
instances of it, put a message in the motd and wall(1) the current users.
Not write a dinky little shell script.

That said, I think it's important that Pine be upgraded and properly
configured, and I am willing to do the work and accept the responsibility.

- Nicholas FitzRoy-Dale
http://www.lardcave.net

Q: Can I have a conversation with you?
A: Have two, they're small!
- http://gs72.sp.cs.cmu.edu/cgi-bin/cube-hof.html

-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.

Follow-Ups:
- Re: [ProgSoc] pine
  - From: Justin Warren <daedalus@nospam.eigenmagic.com>

References:
- Re: [ProgSoc] pine
  - From: John Elliot <jselliot@nospam.progsoc.uts.edu.au>

Prev by Date: Re: [ProgSoc] pine
Next by Date: Re: [ProgSoc] pine
Prev by thread: Re: [ProgSoc] pine
Next by thread: Re: [ProgSoc] pine
Index(es):
- Date
- Thread