From owner-cvs-all  Mon Jul 15 18:58:46 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2E6D337B400; Mon, 15 Jul 2002 18:58:42 -0700 (PDT)
Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C3C5F43E4A; Mon, 15 Jul 2002 18:58:41 -0700 (PDT)
	(envelope-from DougB@FreeBSD.org)
Received: from zoot.corp.yahoo.com (zoot.corp.yahoo.com [216.145.52.89])
	by mrout2.yahoo.com (8.11.6/8.11.6/y.out) with ESMTP id g6G1wdR07247;
	Mon, 15 Jul 2002 18:58:39 -0700 (PDT)
Received: from localhost (dougb@localhost)
	by zoot.corp.yahoo.com (8.12.5/8.12.5/Submit) with ESMTP id g6G1wb9f042918;
	Mon, 15 Jul 2002 18:58:37 -0700 (PDT)
Date: Mon, 15 Jul 2002 18:58:37 -0700 (PDT)
From: Doug Barton <DougB@FreeBSD.org>
To: Alexey Dokuchaev <danfe@regency.nsu.ru>
Cc: Alexandr Kovalenko <never@nevermind.kiev.ua>,
	<cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org>
Subject: Where security fixes should go, inre bind 8
In-Reply-To: <20020715223408.E53266@regency.nsu.ru>
Message-ID: <20020715185158.G39635-100000@zoot.corp.yahoo.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Mon, 15 Jul 2002, Alexey Dokuchaev wrote:

> Actually, I've always been under impression that essential security
> problems should be addressed in every stable branch,

You have gotten several excellent replies, however I want to be sure to
note that this understanding is incorrect. To do what you suggest would
take an enormous amount of resources, which we simply don't have.

Also, in the case of this particular fix, users have readily to hand a
solution that will work on every version of freebsd, namely installing
from the ports (and even overwriting the base if they choose to). We
backported the fix to releng_4_6 in preparation for 4.6.1 release. As I
already mentioned, I did releng_4_4 for the benefit of Julian and his
commercial customers who are "fixed" on that branch for the forseeable
future. Since I was going to do 4_4 anyway, and because the code/bmake
glue has not diverged much between those branches, I did releng_4_5 as a
bonus. However, in test-compiling releng_4_4 I found one bogon in the
bmake glue (by far the most complex part of the process) that had to be
fixed to make that work. One was enough to convince me not to go any
further back down the tree. I've already spent more time on this project
than I originally allocated for it.

Thanks for your interest,

Doug


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message