From owner-freebsd-stable Mon Dec 16 21:13:01 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id VAA28382 for stable-outgoing; Mon, 16 Dec 1996 21:13:01 -0800 (PST) Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id VAA28375 for ; Mon, 16 Dec 1996 21:12:57 -0800 (PST) Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id WAA07056; Mon, 16 Dec 1996 22:12:51 -0700 (MST) Date: Mon, 16 Dec 1996 22:12:51 -0700 (MST) Message-Id: <199612170512.WAA07056@rocky.mt.sri.com> From: Nate Williams To: Gary Schrock Cc: freebsd-stable@freebsd.org Subject: Re: why is -stable not secure? In-Reply-To: <3.0.32.19961216230153.006a7190@eyelab.msu.edu> References: <3.0.32.19961216230153.006a7190@eyelab.msu.edu> Sender: owner-stable@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > - from an admin's perspective, -stable is far from dead. > > There isn't even another release out yet; how can it be > > dead? We need something to run on our servers. If it were > > typical MicroSoft junk we may need to upgrade to try to > > make it work, but -stable works. Very very well. Too > > well to upgrade to 2.2 until it is proven. The first > > 2.2 release will have more bugs than -stable has now. > > More features, but more bugs; they will get worked out, but > > not overnight. Many people are using FreeBSD for servers > > because they see it as having more stability over time > > than the L word. For the people using -stable in a server > > features don't matter. Minor (in that they are a few > > lines of code, not that they are unimportant) security > > fixes are important. > > Personally I think this hits the nail on the head. Especially since > there's no alternative at this point besides the -stable branch for those > of us who need a solid server that's not undergoing constant change for > adding/stabilizing features that by in large we don't have a need for > immediately. I've seen a lot of 'the users this' and 'the developers that' > about this issue, but let's face it: until there is a 2.2-stable, there is > an absolute necessity for 2.1-stable, and that needs to include security > patches. Fine. Provide the resources for someone to patch 2.1. Nate