From owner-freebsd-stable@FreeBSD.ORG Sun Sep 21 10:29:57 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0D817106566C; Sun, 21 Sep 2008 10:29:57 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 6003E8FC0C; Sun, 21 Sep 2008 10:29:56 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTP id 0D52646B0C; Sun, 21 Sep 2008 06:29:55 -0400 (EDT) Date: Sun, 21 Sep 2008 11:29:54 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "Simon L. Nielsen" In-Reply-To: <20080920205645.GI1151@arthur.nitro.dk> Message-ID: References: <15F15FD1-3C53-4018-8792-BC63289DC4C2@netconsonance.com> <448wtpcikb.fsf@be-well.ilk.org> <34C3D54B-C88C-4C36-B1FE-C07FC27F8CB5@netconsonance.com> <20080920020703.GA82392@phat.za.net> <851F09A2-788D-4343-9E00-A0AB5C3AC063@netconsonance.com> <4d7dd86f0809192057s33dfd92fv598488a4c05ada14@mail.gmail.com> <4B2A556D-B13D-4B71-819A-F9B23C5685AF@netconsonance.com> <20080920205645.GI1151@arthur.nitro.dk> User-Agent: Alpine 1.10 (BSF 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Jo Rhett , freebsd-stable Subject: Re: Upcoming Releases Schedule... X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Sep 2008 10:29:57 -0000 On Sat, 20 Sep 2008, Simon L. Nielsen wrote: > - The more branches are supported, the more versions of both third > party code and FreeBSD code need to be supported and the more likely > it is that the software differs meaning that we need to adopt the > fix to the branch. The real painful case for this was > FreeBSD-SA-07:01.jail which AFAIR needed 6 different patches. This > is one of the largest time cost with support many branches as this > is by no means a linear cost. The older a branch is, the more > likely it is that the code is much different than newer FreeBSD > versions. > > This also the reason secteam was very happy when we could > discontinue FreeBSD 4 support as it was significantly different from > FreeBSD 5+. In that respect supporting FreeBSD 5 in the end was > much cheaper than supporting FreeBSD 4 in the end. Of course this > is less likely to be a problem in the future like it was with > FreeBSD 4, but still - FreeBSD 5 and FreeBSD 8 are rather different > and would not be fun to support both. Let me give an example from a slightly older branch here as well: we de-supported FreeBSD 3.x for "local" security vulnerabilities because we hit the libncurses security vulnerability. The only real option to pick up the fix was to adopt new version of libncurses, and that radically changed the libcurses API (part of the fix). This, in turn, cascaded into other applications, such as top, vi, etc, which all use ncurses, so the net effect would have been not just a significant API change, but also modifications to countless system utilities. Such a change might not even be appropriate for a minor branch, let alone a security branch where we try to ensure minimalist fixes to avoid security patches leading to other potential regressions. Robert N M Watson Computer Laboratory University of Cambridge