Date: Thu, 18 Apr 2002 12:00:07 -0600 From: Brett Glass <brett@lariat.org> To: nate@yogotech.com (Nate Williams) Cc: David Wolfskill <david@catwhisker.org>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <4.3.2.7.2.20020418115527.021d9f00@nospam.lariat.org> In-Reply-To: <15551.1949.581870.277391@caddis.yogotech.com> References: <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:51 AM 4/18/2002, Nate Williams wrote: >Pray tell who is going to very that a snapshot is both 'known and good'? That's not "known and good" -- it's "known TO BE good." >Simply applying security patches doesn't (necessarily) qualify as giving >you your requirement, Not if the version being used has also been altered in other ways. >This ain't rocket science here.... No, it's not. Other open source projects issue periodic "patch level N" snapshots between releases. If a significant security event occurs, FreeBSD should as well. Pick a snapshot after the fixes have gone in, test it, and post it as the next patch level... one that's a relatively safe bet for an admin to upgrade to. In other words, you should be able to go to the download site and actually find a build labeled FreeBSD 4.5-RELEASE-p3. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020418115527.021d9f00>