From owner-freebsd-security  Fri Apr 26 13:52:48 2002
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id 0F50F37B417
	for <security@freebsd.org>; Fri, 26 Apr 2002 13:52:43 -0700 (PDT)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 171ClW-0006pQ-00; Fri, 26 Apr 2002 22:56:26 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: "Drew Tomlinson" <drew@mykitchentable.net>
Cc: "Julian Elischer" <julian@elischer.org>, security@freebsd.org
Subject: Re: RELENG_4_4 
In-reply-to: Your message of "Fri, 26 Apr 2002 09:12:42 MST."
             <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov> 
Date: Fri, 26 Apr 2002 22:56:26 +0200
Message-ID: <26251.1019854586@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Fri, 26 Apr 2002 09:12:42 MST, "Drew Tomlinson" wrote:

> Instead of calling it an "upgrade", call it a system "patch".  It just
> so happens that the RELENG_4_5 "patch" will ensure that the OS is up to
> date on security issues and more!  :)

Just so that misinformation isn't spread, please note that the "and
more" in your paragraph isn't true.  The RELENG_4_5 branch is strictly
for security fixes.

The reason I'm confident saying this is that I once tried to have what I
thought was an important bugfix merged onto RELENG_4_4 and my request
was rejected, not on the grounds that the bugfix wasn't important, but
rather on the grounds that it did not address a security concern.

At the time, I was very annoyed, but I've come to see the wisdom in the
RELENG_x_x branches.  They allow system architects to address security
concerns without accepting any new features or bugfixes, which have the
theoretical potential to introduce new problems of their own.

If I've designed, tested and deployed a system that works, it's possible
that I'd rather lose out on bugfixes because I think it's unlikely that
I'll need any of them, and I'd rather just pick up security fixes.

For folks in that situation, the RELENG_x_x branches are ideal, and the
security team should be commended for maintaining them.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message