Date:      Thu, 12 Apr 2001 09:43:35 +0200
From:      Roberto Nunnari <nunnari@die.supsi.ch>
To:        Scott Johnson <sjohn@airlinksys.com>
Cc:        freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: Security Announcements?
Message-ID:  <3AD55CA7.80101@die.supsi.ch>
References:  <3AD33218.FE8D7ACD@ursine.com> <001d01c0c1fc$23d73680$0508a8c0@lofi.dyndns.org> <20010410215014.A8173@scientia.demon.co.uk> <007d01c0c274$58ff11c0$94cba8c0@hh.kew.com> <3AD4475A.4050104@die.supsi.ch> <20010411122832.A91506@ns2.airlinksys.com>

Scott,

running '-release' (like many others out there) is your
choice and I respect it. I am not discussing whether or not
you have a valid point in doing so.

In your email you express your ideas well and politely
and most likely speak for a lot of people. I respect it.

I fully agree on some of the points that this thread has
brought up.

But it gets me upset to read that '-stable' is pre-beta.
We all know that's not true.

That is simply unfair, thankless and offensive.

Best regards.

Scott Johnson wrote:

> There is a difference between security fixes and a 'more low-key and
> conservative set of changes intended for our next mainstream release'. I
> maintain a single source tree for all of my machines. That source tree is
> 4.2-RELEASE + security patches. Things break in -STABLE despite the care
> taken in merging from -CURRENT; if I don't need features found only in
> -STABLE, my preference is to trust more the long testing period of a
> -RELEASE. While I could test stable on a spare box, that would be
> time-consuming and error-prone, since that box would have to emulate the
> designated tasks of all my machines. On the other hand, maintaining a
> -STABLE source tree in addition to -RELEASE and selectively installing
> certain things like bind and ntp when the need arises may have problems
> because the -STABLE software is out of sync with the rest of the system.
> This also creates problems when building world with the -RELEASE tree,
> since some software should come from -STABLE. And when it comes down to
> it, I'd rather build just a kernel, or just a userspace program, and only
> when I have to, than rebuild everything on a semi-regular basis.
> 
> I just want to add my voice as to how I use FreeBSD. Simply saying 'use
> -STABLE' to those of us running -RELEASE on production systems isn't
> appropriate, since I believe we have valid reasons for running -RELEASE on
> our systems. These security issues are not so frequent that providing
> patches for -RELEASE should be too burdensome. In fact, if -STABLE was
> fixed, the fix is already available and could be applied to -RELEASE with
> little or no modification.  I've been pleased, actually, with how patches
> have been made available for -RELEASE until only recently, when both the
> bind and ntp vulnerabilities went by without patches. I thought, up till
> this discussion, that it was assumed that many run a -RELEASE, and that
> patches were supplied for that reason. I for one (and judging by the posts
> to this thread I'm not alone) use FreeBSD this way, and I ask that it be
> considered important to make security patches available for the latest
> -RELEASE.
> 
> 
> Quoth Roberto Nunnari on Wed, Apr 11, 2001 at 02:00:26PM +0200:
> 
>> stable is not pre-beta.
>> http://www.freebsd.org/handbook/current-stable.html
>> 
>> ...cut and paste from the above:
>> 
>> 19.2.2. Staying Stable with FreeBSD
>> 
>> If you are using FreeBSD in a production environment and want to make 
>> sure you have the latest fixes from the -CURRENT branch, you want to be 
>> running -STABLE. This is the tree that -RELEASEs are branched from when 
>> we are putting together a new release. For example, if you have a copy 
>> of 3.4-RELEASE, that is really just a ``snapshot'' from the -STABLE 
>> branch that we put on CDROM. In order to get any changes merged into 
>> -STABLE after the -RELEASE, you need to ``track'' the -STABLE branch.
>> 19.2.2.1. What is FreeBSD-STABLE?
>> 
>> FreeBSD-STABLE is our development branch for a more low-key and 
>> conservative set of changes intended for our next mainstream release. 
>> Changes of an experimental or untested nature do not go into this branch 
>> (see FreeBSD-CURRENT).


-- 
               Roberto Nunnari -software engineer-
                 mailto:nunnari@die.supsi.ch
  Scuola Universitaria Professionale della Svizzera Italiana
            Dipartimento di Informatica e Elettronica
                   http://www.die.supsi.ch
  SUPSI-DIE
  Via Cantonale                        tel: +41-91-6108557
  6928 Manno                 """
  Switzerland               (o o)
=======================oOO==(_)==OOo========================
     MY OPINIONS ARE NOT NECESSARILY THOSE OF MY EMPLOYER

