On Fri, 1 Feb 2002, James wrote:
Too Bad that I've added to your information overload sunshine; I just knew that someone would complain. As far as security is concerned, there is one maxim you may also know from assembler programming: Assume Nothing.
And there is one maxim you may know from netiquette: read the lists for a while before contributing. You will see a big discussion of security posts not long ago.
I handed out a CD containing updates with this broken rsync on it at an ALUG meeting, so in this instance I had a responsibility to warn the recipient, and anyone else that might had taken copies of it.
"Hi, I recently distributed CDs with this flaw <url>, anyone that got one should check their systems" would have been more appropriate.
Also - Redhat's listserver often gets constipated and doesn't send out notices in a timely manner.
So use a proper distro :-)
Don't get me wrong, I'm not trying to be unfriendly, but James Ray is absolutely right (although I hate admitting it!) when he says "don't post security announcements here" although his justifications may be a little off. See the ALUG archives for details of why security posts are a Bad Thing.
Andrew.