From owner-freebsd-security@FreeBSD.ORG Sun Aug 24 10:47:59 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CE1C16A4BF for ; Sun, 24 Aug 2003 10:47:59 -0700 (PDT) Received: from obsecurity.dyndns.org (adsl-64-169-107-97.dsl.lsan03.pacbell.net [64.169.107.97]) by mx1.FreeBSD.org (Postfix) with ESMTP id B397643F93 for ; Sun, 24 Aug 2003 10:47:58 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 0F65266B04; Sun, 24 Aug 2003 10:47:58 -0700 (PDT) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id C8C60643; Sun, 24 Aug 2003 10:47:57 -0700 (PDT) Date: Sun, 24 Aug 2003 10:47:57 -0700 From: Kris Kennaway To: Colin Percival Message-ID: <20030824174757.GA9678@rot13.obsecurity.org> References: <20030824170354.GA9172@rot13.obsecurity.org> <5.0.2.1.1.20030824064019.02d7d090@popserver.sfu.ca> <5.0.2.1.1.20030824064019.02d7d090@popserver.sfu.ca> <5.0.2.1.1.20030824103515.02cbf388@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu" Content-Disposition: inline In-Reply-To: <5.0.2.1.1.20030824103515.02cbf388@popserver.sfu.ca> User-Agent: Mutt/1.4.1i cc: freebsd-security@freebsd.org cc: Kris Kennaway Subject: Re: EoL dates X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Aug 2003 17:47:59 -0000 --sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 24, 2003 at 10:38:49AM -0700, Colin Percival wrote: > At 10:14 24/08/2003 -0700, I wrote: > > Either I'm missing your point, or you're missing my point. There are= =20 > >five release branches now which are "not officially supported", but I=20 > >have yet to see any circumstance where they have, in fact, not been=20 > >supported. If those branches were not being supported because people=20 > >were too busy to support them, I'd understand perfectly; but as far as I= =20 > >can see, those branches *are* being supported. >=20 > Oops. As hawkeyd@visi.com has just pointed out to me, I didn't look fa= r=20 > enough; SA-03:01, :02, :03, :05, and :06 didn't have official patches for= =20 > the unsupported branches. Yep. In many cases the security team will go "beyond the call of duty" to fix problems in non-supported releases, but it comes down to factors like how significant the hole is, how easy the patch is to backport and how motivated security-officer is to fix it for non-supported releases. Kris --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/SPpNWry0BWjoQKURAuvnAKCFwVUVjRDwTKXYsGBO/ZIt7n9thgCeMaA6 xMIa/rrKiksKCaAIzHegT4Q= =ok2R -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu--