Date: Sat, 7 Oct 2000 21:39:29 -0500
From: "Matthew D. Fuller" <fullermd@futuresouth.com>
To: hackers@freebsd.org
Subject: Bugfixes, security fixes, versions
Message-ID: <20001007213929.C24996@futuresouth.com>
The whole "Stable Branch" thread on -security gave me an idea that's been percolating for some time.

Problem:
We have security problems in (say) -STABLE. They get fixed. We post an advisory about it, giving correction dates for -STABLE and -CURRENT, and the associated cutoff in which releases are fixed and which are not. However, tracking dates on buildworlds etc. is hard. I'm sure I'm not the only one who usually does build/installworlds on source at least a week old. I check it out, build it, and if it's clean, wait to see if anyone else has any problems with it. And since I tend to put off building the kernel until I install, the date uname gives isn't necessarily useful for checking this sort of stuff.

Idea:
In the version string (or maybe somewhere else convenient), start adding codes at each -RELEASE along a branch. So, say we find a bug in fingerd. It's in 4.1-RELEASE, fixed in 4.1-STABLE at some point, and fixed in 4.2-RELEASE. We could add an 'a' to the version string in -STABLE, so it will read out as "4.1-STABLE a". Find another bug and fix it, we have "4.1-STABLE b". Presumably, this would only apply to such things as security holes, and potentially showstopper bugfixes. If we really needed more than 26, we could go to capital letters, or doubled in parentheses ...xyz(aa)(ab). I somehow doubt that'd be a big problem.

Then, the version string could indicate what holes have been caulked up in the system they're running.
They could be reset at each -RELEASE, so the advisory can say:

4.1 and below is VULNERABLE
4-STABLE with code 'a' is NOT VULNERABLE
4.2 and above are NOT VULNERABLE

I can see a few flaws in this idea, but I figured I'd toss it out and let the wolves tear it to shreds ;)

-- 
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Unix Systems Administrator | fullermd@futuresouth.com
Specializing in FreeBSD | http://www.over-yonder.net/

"The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet"
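
Added example, not part of the original message and not FreeBSD code: a check of a host's version string against an advisory written the way the message proposes. It assumes the string carries the latest fix code and that a later code implies every earlier fix on the same base release; only the doubled-in-parentheses extension is handled, -CURRENT is rejected, and the function names and the advisory dictionary are hypothetical.

```python
import re

# Assumed layout, taken from the message's examples: "4.1-RELEASE", "4.1-STABLE a".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(RELEASE|STABLE)(?: (\S+))?$")
CODE_RE = re.compile(r"^(?:([a-z])|\(([a-z])([a-z])\))$")


def code_rank(code):
    """Order fix codes: no code=0, a..z=1..26, (aa)=27, (ab)=28, ..."""
    if code is None:
        return 0
    m = CODE_RE.match(code)
    if not m:
        raise ValueError(f"unrecognised fix code: {code!r}")
    if m.group(1):
        return ord(m.group(1)) - ord("a") + 1
    hi, lo = (ord(m.group(i)) - ord("a") for i in (2, 3))
    return 26 + hi * 26 + lo + 1


def parse_version(version):
    """Return ((major, minor), branch, rank) for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, branch, code = m.groups()
    if branch == "RELEASE" and code:
        # Assumption: codes are only ever added along -STABLE.
        raise ValueError("fix codes only appear on -STABLE")
    return (int(major), int(minor)), branch, code_rank(code)


def is_vulnerable(version, advisory):
    """Apply an advisory of the form shown in the message to one host."""
    release, branch, rank = parse_version(version)
    if release >= advisory["fixed_release"]:
        return False          # "4.2 and above are NOT VULNERABLE"
    if branch == "STABLE" and release == advisory["base_release"]:
        # Codes reset at each -RELEASE, so compare only on the same base.
        return rank < code_rank(advisory["fixed_code"])
    return True               # "4.1 and below is VULNERABLE"


# Constructed advisory mirroring the fingerd example in the message.
FINGERD = {"base_release": (4, 1), "fixed_code": "a", "fixed_release": (4, 2)}

if __name__ == "__main__":
    for v in ("4.0-RELEASE", "4.1-RELEASE", "4.1-STABLE", "4.1-STABLE a",
              "4.1-STABLE (ab)", "4.2-RELEASE"):
        state = "VULNERABLE" if is_vulnerable(v, FINGERD) else "NOT VULNERABLE"
        print(f"{v:18} {state}")
```

Because the comparison never looks at a build date, it gives the same answer for a world built from week-old source as for one built today.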