Michael.Young%cmu-cs-g@sri-unix.UUCP (06/22/83)
I feel I'm in the minority here, but I don't think a separate "secure" mailing list is all that worthwhile. For one, lots of people have given ways for "bad guys" to get the stuff anyway, unless the distributor spends a LOT of effort to avoid it. Any site which has someone reading this list ought to have some system administrator to fix the bugs too. Thus, there would only be a little while when a "bad guy" could attack before the fix hit. If you're still paranoid, send mail to "root" (or "postmaster", if you think that site will answer to that) telling the names of all users on the list there. It seems to me that a fast, simple procedure for reporting and fixing bugs is more important than keeping it incredibly secure. After all, if the bug isn't fixed, it's a matter of time before some "bad guy" finds the bug all by him/herself. Michael