From owner-freebsd-current@FreeBSD.ORG Fri Oct 3 19:17:54 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 010AE16A4B3 for ; Fri, 3 Oct 2003 19:17:54 -0700 (PDT) Received: from procyon.firepipe.net (procyon.firepipe.net [198.78.66.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id F352243FA3 for ; Fri, 3 Oct 2003 19:17:50 -0700 (PDT) (envelope-from will@csociety.org) Received: by procyon.firepipe.net (Postfix, from userid 1000) id 8900620A7F; Fri, 3 Oct 2003 19:17:50 -0700 (PDT) Date: Fri, 3 Oct 2003 19:17:50 -0700 From: Will Andrews To: Barney Wolff Message-ID: <20031004021750.GX72999@procyon.firepipe.net> Mail-Followup-To: Barney Wolff , current@freebsd.org References: <20031004014527.GB32411@pit.databus.com> <20031004015404.GW72999@procyon.firepipe.net> <20031004021041.GA33705@pit.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031004021041.GA33705@pit.databus.com> User-Agent: Mutt/1.4.1i cc: current@freebsd.org Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Oct 2003 02:17:54 -0000 On Fri, Oct 03, 2003 at 10:10:41PM -0400, Barney Wolff wrote: > Does this mean that the situation can ever arise where a security bug > is corrected in the advisory's announced releases but not in -current? > Or, can we assume that as of the time of the security announcement > the vulnerability has *always* been corrected in -current? No. Yes. The rule is that changes are always committed to -CURRENT first, unless they do not apply. This rule is rarely broken in FreeBSD, and certainly never broken for security issues. Regards, -- wca