Date: Wed, 12 Oct 2005 10:23:16 -0400
From: Mike Tancsa <mike@sentex.net>
To: Ivan Voras <ivoras@fer.hr>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
Message-ID: <6.2.3.4.0.20051012101734.0675f208@64.7.153.2>
In-Reply-To: <434D1A21.9040104@fer.hr>
References: <200510111202.j9BC2obf081876@freefall.freebsd.org> <434CBDC2.4070405@open-networks.net> <434CE0F1.6090400@htnet.hr> <20051012134440.GA17517@droopy.unibe.ch> <434D1A21.9040104@fer.hr>

At 10:13 AM 12/10/2005, Ivan Voras wrote:
>Tobias Roth wrote:
>>On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
>
>>And you cannot expect the port maintainers
>>to backport security fixes if the upstream provider chose to release the
>>fix only together with a new version.
>
>Yes you can, ask these guys: http://www.debian.org/. It's just a
>matter of policy.
>
>I dislike the long cycles between version updates in Debian but must
>admit that the "stable" distributions indeed justify their name,
>INCLUDING packages.
>
>My idea is that there could maybe be some "core" ports, about 1500 or so,

This sounds like a recipe for confusion. Some users have problems
distinguishing between what's in the base, and what's out of the ports.
Another type of "pseudo base app" would just add to the confusion.
Users / admins need to take *some* responsibility for what is installed
on their system. Many ports are not very well maintained in the first
place and to say that the security team should be responsible for
another 1500 applications is not realistic.

        ---Mike