Date: Thu, 12 Apr 2001 09:43:35 +0200 From: Roberto Nunnari <nunnari@die.supsi.ch> To: Scott Johnson <sjohn@airlinksys.com> Cc: freebsd-security <freebsd-security@freebsd.org> Subject: Re: Security Announcements? Message-ID: <3AD55CA7.80101@die.supsi.ch> References: <3AD33218.FE8D7ACD@ursine.com> <001d01c0c1fc$23d73680$0508a8c0@lofi.dyndns.org> <20010410215014.A8173@scientia.demon.co.uk> <007d01c0c274$58ff11c0$94cba8c0@hh.kew.com> <3AD4475A.4050104@die.supsi.ch> <20010411122832.A91506@ns2.airlinksys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Scott, run '-release' (like many others out there) is your choice and I respect it. I don't discuss that you have or not a valid point to do so. In your email you express your ideas well and politely and most likely speak for a lot of people. I respect it. I fully agree on some of the points that this thread has brought up. But it gets me upset to read that '-stable' is pre-beta. We all know that's not true. That simply is not fair, thanksless and offensive. Best regards. Scott Johnson wrote: > There is a difference between security fixes and a 'more low-key and > conservative set of changes intended for our next mainstream release'. I > maintain a single source tree for all of my machines. That source tree is > 4.2-RELEASE + security patches. Things break in -STABLE despite the care > taken in merging from -CURRENT; if I don't need features found only in > -STABLE, my preference is to trust more the long testing period of a > -RELEASE. While I could test stable on a spare box, that would be > time-consuming and error-prone, since that box would have to emulate the > designated tasks of all my machines. On the other hand, maintaining a > -STABLE source tree in addition to -RELEASE and selectively installing > certain things like bind and ntp when the need arises may have problems > because the -STABLE software is out of sync with the rest of the system. > This also creates problems when building world with the -RELEASE tree, > since some software should come from -STABLE. And when it comes down to > it, I'd rather build just a kernel, or just a userspace program, and only > when I have to, then rebuild everything on a semi-regular basis. > > I just want to add my voice as to how I use FreeBSD. Simply saying 'use > -STABLE' to those of us running -RELEASE on production systems isn't > appropriate, since I believe we have valid reasons for running -RELEASE on > our systems. These security issues are not so frequent that providing > patches for -RELEASE should be too burdensome. In fact, if -STABLE was > fixed, the fix is already available and could be applied to -RELEASE with > little or no modification. I've been pleased, actually, with how patches > have been made available for -RELEASE until only recently, when both the > bind and ntp vulnerabilities went by without patches. I thought, up till > this discussion, that it was assumed that many run a -RELEASE, and that > patches were supplied for that reason. I for one (and judging by the posts > to this thread I'm not alone) use FreeBSD this way, and I ask that it be > considered important to make security patches available for the latest > -RELEASE. > > > Quoth Roberto Nunnari on Wed, Apr 11, 2001 at 02:00:26PM +0200: > >> stable is not pre-beta. >> http://www.freebsd.org/handbook/current-stable.html >> >> ...cut and paste from the above: >> >> 19.2.2. Staying Stable with FreeBSD >> >> If you are using FreeBSD in a production environment and want to make >> sure you have the latest fixes from the -CURRENT branch, you want to be >> running -STABLE. This is the tree that -RELEASEs are branched from when >> we are putting together a new release. For example, if you have a copy >> of 3.4-RELEASE, that is really just a ``snapshot'' from the -STABLE >> branch that we put on CDROM. In order to get any changes merged into >> -STABLE after the -RELEASE, you need to ``track'' the -STABLE branch. >> 19.2.2.1. What is FreeBSD-STABLE? >> >> FreeBSD-STABLE is our development branch for a more low-key and >> conservative set of changes intended for our next mainstream release. >> Changes of an experimental or untested nature do not go into this branch >> (see FreeBSD-CURRENT). -- Roberto Nunnari -software engineer- mailto:nunnari@die.supsi.ch Scuola Universitaria Professionale della Svizzera Italiana Dipartimento di Informatica e Elettronica http://www.die.supsi.ch SUPSI-DIE Via Cantonale tel: +41-91-6108557 6928 Manno """ Switzerland (o o) =======================oOO==(_)==OOo======================== MY OPINIONS ARE NOT NECESSARILY THOSE OF MY EMPLOYER To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AD55CA7.80101>