Date: Thu, 13 Oct 2005 15:29:01 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Ivan Voras <ivoras@fer.hr> Cc: freebsd-security@freebsd.org, jere <jere@htnet.hr>, Tobias Roth <roth@iam.unibe.ch> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl Message-ID: <20051013132901.GH45070@obiwan.tataz.chchile.org> In-Reply-To: <434D1A21.9040104@fer.hr> References: <200510111202.j9BC2obf081876@freefall.freebsd.org> <434CBDC2.4070405@open-networks.net> <434CE0F1.6090400@htnet.hr> <20051012134440.GA17517@droopy.unibe.ch> <434D1A21.9040104@fer.hr>
next in thread | previous in thread | raw e-mail | index | archive | help
> >On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote: > > >And you cannot expect the port maintainers > >to backport security fixes if the upstream provider chose to release the > >fix only together with a new version. > > Yes you can, ask these guys: http://www.debian.org/. It's just a matter > of policy. OTOH, Debian packages maintainers chose to do this work whereas asking FreeBSD ports maintainers to do this extra work just now is awkward. Yes, the FreeBSD project could still ask for volunteers for this job but anyway I noticed that this kind of policy leads to delayed package updates whereas merely changing the Makefile in order to upgrade the port is very quick. The best example I can give to this is Firefox. Recently we have seen a great increase of security advisories about it. As both a FreeBSD and Debian user I have to admit that the FreeBSD port is often updated before the Debian package (however I must also admit this compares somewhat the two maintainers). Eventually I would say that when someone administers a network, I think it is his own responsability to choose softwares whose release process is serious enough - which used to be a major reason for using FreeBSD - and it is not the responsability of FreeBSD to overcome their deficiencies. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051013132901.GH45070>