Date: Sun, 22 Aug 2004 15:54:30 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Oliver Eikemeier <eikemeier@fillmore-labs.com> Cc: Pete Fritchman <petef@absolutbsd.org> Subject: Re: determining vulnerable FreeBSD system components [Was: cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml] Message-ID: <20040822205430.GD17478@madman.celabo.org> In-Reply-To: <8D9F2B2C-F47B-11D8-8CAA-00039312D914@fillmore-labs.com> References: <20040822194025.GB17478@madman.celabo.org> <8D9F2B2C-F47B-11D8-8CAA-00039312D914@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 22, 2004 at 10:40:50PM +0200, Oliver Eikemeier wrote: > Yup. We should use __FreeBSD_version for -STABLE and -CURRENT, since > this is easy determinable. __FreeBSD_version is not and should not be bumped for security updates. It is strictly for source (and perhaps in some cases, binary) code compatibility, and security updates do not (should not) impact code compatibility. > I now -CURRENT is not supported, but it would > be useful nevertheless. I don't know how to handle release branches > though. Especially when only the affected binary is patched, without > rebooting the system (and possibly bumping __FreeBSD_version). Maybe we > should invent some kind of global registry where the (security) patches > applied are recorded. Yeah, that has also come up before. Perhaps we should pick it up again. Also, this kinda relates to Julian's desire to have the advisories in the source tree, so that when you checked out say RELENG_4_10, you would get all the advisories that affected 4.10 (and ONLY those advisories). That could of course work for -STABLE and -CURRENT as well, but IIRC there were some objections due to the realities of how we manage the source tree. For example, I would not like to need to have N different advisories for N different branches (i.e. branching the advisory in CVS), but re@ has reasons they do not want to allow the sliding of tags within src/. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040822205430.GD17478>