From owner-freebsd-current@FreeBSD.ORG Fri Oct 3 19:10:43 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 463A916A4B3 for ; Fri, 3 Oct 2003 19:10:43 -0700 (PDT) Received: from pit.databus.com (p70-227.acedsl.com [66.114.70.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id D771D43FD7 for ; Fri, 3 Oct 2003 19:10:41 -0700 (PDT) (envelope-from barney@pit.databus.com) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.12.9p2/8.12.9) with ESMTP id h942Afcw033764 for ; Fri, 3 Oct 2003 22:10:41 -0400 (EDT) (envelope-from barney@pit.databus.com) Received: (from barney@localhost) by pit.databus.com (8.12.9p2/8.12.9/Submit) id h942AfXJ033763 for current@freebsd.org; Fri, 3 Oct 2003 22:10:41 -0400 (EDT) (envelope-from barney) Date: Fri, 3 Oct 2003 22:10:41 -0400 From: Barney Wolff To: current@freebsd.org Message-ID: <20031004021041.GA33705@pit.databus.com> References: <20031004014527.GB32411@pit.databus.com> <20031004015404.GW72999@procyon.firepipe.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031004015404.GW72999@procyon.firepipe.net> User-Agent: Mutt/1.4.1i X-Scanned-By: MIMEDefang 2.37 Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Oct 2003 02:10:43 -0000 On Fri, Oct 03, 2003 at 06:54:04PM -0700, Will Andrews wrote: > On Fri, Oct 03, 2003 at 09:45:27PM -0400, Barney Wolff wrote: > > I'm finally motivated to ask, why don't security advisories contain > > the equivalent revs for -head? Surely I can't be the only person > > following -current who doesn't build every day. > > Simply because the SO does not support -CURRENT. Does this mean that the situation can ever arise where a security bug is corrected in the advisory's announced releases but not in -current? Or, can we assume that as of the time of the security announcement the vulnerability has *always* been corrected in -current? Thanks, Barney -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.