Date: Wed, 12 Oct 2005 16:13:53 +0200
From: Ivan Voras <ivoras@fer.hr>
To: Tobias Roth <roth@iam.unibe.ch>
Cc: freebsd-security@freebsd.org, jere <jere@htnet.hr>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
Message-ID: <434D1A21.9040104@fer.hr>
In-Reply-To: <20051012134440.GA17517@droopy.unibe.ch>
References: <200510111202.j9BC2obf081876@freefall.freebsd.org>
 <434CBDC2.4070405@open-networks.net> <434CE0F1.6090400@htnet.hr>
 <20051012134440.GA17517@droopy.unibe.ch>

Tobias Roth wrote:
> On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
> And you cannot expect the port maintainers
> to backport security fixes if the upstream provider chose to release the
> fix only together with a new version.

Yes you can, ask these guys: http://www.debian.org/. It's just a matter of policy. I dislike the long cycles between version updates in Debian but must admit that the "stable" distributions indeed justify their name, INCLUDING packages.

My idea is that there could maybe be some "core" ports, about 1500 or so, that would get the special treatment of being updated in such a "stable" fashion on a branch in the ports tree tagged (for example) RELENG_6_0. These ports would be publicly announced as being "anchored" to a release and updated (including backporting security fixes) for as long as the release is maintained by FreeBSD's security team.