From owner-freebsd-stable Mon Dec 16 18:20:18 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id SAA25873 for stable-outgoing; Mon, 16 Dec 1996 18:20:18 -0800 (PST) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id SAA25866; Mon, 16 Dec 1996 18:20:16 -0800 (PST) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id TAA01403; Mon, 16 Dec 1996 19:19:53 -0700 (MST) Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id TAA11581; Mon, 16 Dec 1996 19:19:38 -0700 (MST) Date: Mon, 16 Dec 1996 19:19:38 -0700 (MST) From: Marc Slemko X-Sender: marcs@alive.ampr.ab.ca To: Warner Losh cc: freebsd-security@freebsd.org, stable@freebsd.org Subject: Re: why is -stable not secure? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-stable@freebsd.org X-Loop: FreeBSD.org Precedence: bulk [this may be the start of a nice long useless discussion that has been gone through 100x before; please followup only to the -stable list and NOT to freebsd-security. No, this spew isn't all a response to what Warner has said since he is just echoing reality but is a response to the way things seem to be and where I think it would be nice if they would be.] On Mon, 16 Dec 1996, Warner Losh wrote: > In message Marc Slemko writes: > : Because no one has put them there. They can be there the second after > : they are in -current if they are put there; that happens when the person > : committing them feels confident enough in the patch and has the time to. > > Likely because no one is confortable enough making blind commits to > the -stable branch. I've put a few deltas into the stable branch, but > only after finding people to test them. It is much harder than it > would appear. > > -stable is dead dead dead dead. (the CVS branch based on 2.1.x that > is). If you are worried about security, running 2.2 when it is > released may be your best bet. > > wish I had better news :-( This discussion was bound to come up. It has before, it will again; perhaps about 2.2 next time. Several points: - from a developer's perspective, -stable has been dead for a long time. To some degree it has held back -current developemnt and has resulted in the development version getting too far away from the latest release. This is bad. - from an admin's perspective, -stable is far from dead. There isn't even another release out yet; how can it be dead? We need something to run on our servers. If it were typical MicroSoft junk we may need to upgrade to try to make it work, but -stable works. Very very well. Too well to upgrade to 2.2 until it is proven. The first 2.2 release will have more bugs than -stable has now. More features, but more bugs; they will get worked out, but not overnight. Many people are using FreeBSD for servers because they see it as having more stability over time than the L word. For the people using -stable in a server features don't matter. Minor (in that they are a few lines of code, not that they are unimportant) security fixes are important. - There are many around who could maintain their own local security and serious bug fixes for -stable; many already do. I think there are a significant number of people to which things like security patches to -stable are of importance. - For a long time -stable was treated very carefully because, well, it is supposed to be stable. That caution was warranted and, to a large degree, still is. However, I think that perhaps at this point in -stable's life people should become less concerned about breaking the -stable tree if that means they are more willing to commit to it. Put all these things together, and I think it is worthwhile to keep minimal support for -stable going. Not normal bugfixes, but things like significant security holes. So I think the questions are: - how many existing committers are there that are willing to commit fixes to -stable? - if there isn't enough support on the existing team of committers (and I can certainly understand why that may be the case) for important patches to make it to -stable without special "outside" effort , would it help if someone took the role of "-stable patch dude"? He would take submissions and track -current changes for patches which should be backported to -stable and submit them in a nice, easy to commit well tested format to an existing committer willing to to deal with -stable at that level. If this is necessary, I would be willing to try doing something if no one more suitable is found. - if not, who will be the first to start a seperate repository of either -stable patches or a full -stable with pathes source tree? I realize that most developers want to let -stable die, and agree with their reasons for doing so. However, I have trouble with simply killing it with no alternatives present.