Date: Tue, 8 Apr 2003 12:52:29 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Mike Meyer <mwm-dated-1050242618.1ac2ff@mired.org> Cc: Miguel Gon?alves <miguelg@fe.up.pt> Subject: Re: Old version support Message-ID: <20030408195229.GB65482@rot13.obsecurity.org> In-Reply-To: <16018.54969.764773.922302@guru.mired.org> References: <Pine.LNX.4.33.0304081414220.13566-100000@gnomo.fe.up.pt> <16018.54969.764773.922302@guru.mired.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--s2ZSL+KKDSLx8OML Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 08, 2003 at 09:03:37AM -0500, Mike Meyer wrote: > In <Pine.LNX.4.33.0304081414220.13566-100000@gnomo.fe.up.pt>, Miguel Gon?= alves <miguelg@fe.up.pt> typed: > > I am going to install a FreeBSD 4.8 server to be used only as > > a SMB server for a small network of Windows clients. I intend > > to install it and leave it running without much administration > > intervention (except for security bugs because we all know that > > the other bugs are hard to find in FreeBSD). > >=20 > > Given the current End-of-Life policy for FreeBSD releases I was > > wondering how can I know about security problems for unsupported > > FreeBSD releases. For example, if I install 4.8 know and if in > > 2 years a kernel security bug is found that affects only the 4.x > > branch I suppose that a SA wouldn't be released. This could be > > less far-fetched: I could be running 4.4 know and I wouldn't > > know about security bugs that I should be aware of. >=20 > I think your supposition isn't necessarily correct. Security fixes are > still going into 3.x, where applicable. You can expect 4.x to > supported for security fixes until 6-STABLE shows up. The real > question is how long patches will show up 4.x-RELEASE's other than the > last one after 5-STABLE shows up. Since there weren't security patches > for 3.x, there's no prior experience to provide guidance. This is kind of wrong. Security fixes are usually not committed to 3.x (that release has been EOLed for some time), and the current support lifetime for 4.x releases is documented on www.freebsd.org/security (basically for 1 year after release). Kris --s2ZSL+KKDSLx8OML Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+kyh9Wry0BWjoQKURAlQvAJwKxTD79dMmcARUQeChSdsBVHza/gCfYDMQ ZJn6Pcr/w8e5Xwqi9hZY/9E= =WNbM -----END PGP SIGNATURE----- --s2ZSL+KKDSLx8OML--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030408195229.GB65482>