Date: Mon, 2 Oct 2000 16:30:36 -0500 (CDT)
From: James Wyatt
To: Poul-Henning Kamp
Cc: Brett Glass, "Chris D . Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <21970.970515180@critter>

On Mon, 2 Oct 2000, Poul-Henning Kamp wrote:
> In message , James Wyatt writes:
> >On Mon, 2 Oct 2000, Poul-Henning Kamp wrote:
> >> In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes:
> >> >At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:
> >> >
> >> >>3.4 is a dead branch, 2.x even more so.
> >> >
> >> >People are still running it 3.x, though. LOTS of people.
> >>
> >> Doesn't change the fact that it's a dead branch.
> >
> >Doesn't change the fact that "LOTS of people" are still running it...
> >Geez, what a curt, rude, throw-your-hands-up answer.
> >
> >Are you saying that if we found a terrible bug (not this easy one)
> >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
>
> Yes, I am saying that.

Then why is Walnut Creek CDROM still selling it as a current product? I don't see Fry's selling older copies of Windows 3.* or DOS 3/4/5, do you?

I know there are two forks of FreeBSD - active and stable. That's great for making "leading-edge v.s. state-of-the-art" decisions, but even the palace at Redmond will give me free fixes for Win95 security bugs. (Some think of it as a quantity discount as bug counts go infinite, price goes to zero. (^_^)

OS revisions are a fact of life, but since 4v0 was just released in April and took some time to get to 4v1 (never trust %d.0 releases), I would have expected a bit more support. Sometimes CVS isn't the answer - like the 2v2r8 release firewall one of my cheaper clients has. We are going to put a 4v1r1 box in place of it, but usually replacement is a pain. - Jy@