Changing `security@freebsd.org' alias
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Apr 7 08:43:34 PDT 2004
Hello Folks,
The official email address for this list is
`freebsd-security at freebsd.org'. Due to convention, there is an email
alias for this list: security at freebsd.org, just as there is for
hackers@ & freebsd-hackers@, arch@ & freebsd-arch@, and so on.
The security at freebsd.org alias has been the source of occassional
problems. Several times in the past, postings have been made to that
address under the assumption that address was directed to security
response personnnel, and not a public mailing list. Of course, this
was a reasonable assumption. Practically every vendor in the universe
uses security@ for that purpose, largely because RFC 2142 strongly
recommends it for that purpose.
And sometimes one just makes a typo. It has not been
too uncommon for people to forget the `-officer' part of
`security-officer at freebsd.org'. (Yours truly has been guilty of
this.)
Mistaken early disclosure of a vulnerability can have consequences
from the merely embarrasing to catastrophic. Therefore, I am
proposing that `security at freebsd.org' be re-routed to the Security
Officer.
I imagine this will have some significant impact: there must be
many references to security at freebsd.org as a public list out there.
So, I thought I'd air the issue here before sending any request to
postmaster at .
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security
mailing list