Date: Mon, 20 May 2002 10:21:08 -0700 From: Wes Peters <wes@softweyr.com> To: Maxim Sobolev <sobomax@FreeBSD.org> Cc: dsyphers@uchicago.edu, developers@FreeBSD.ORG, security@FreeBSD.ORG, nectar@FreeBSD.ORG Subject: Re: Is 4.3 security branch officially "out of commission"? Message-ID: <3CE93084.7C6ADAFF@softweyr.com> References: <3CE8C3E2.EBF4EC8F@FreeBSD.org> <200205201008.g4KA8uKl000787@midway.uchicago.edu> <3CE8D057.BEA07F0@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Maxim Sobolev wrote: > > David Syphers wrote: > > > > On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote: > > > Folks, > > > > > > I was notified by the members of the local FreeBSD community (we have > > > a very strong presence of FreeBSD in ISP circles here) that seemingly > > > 4.3 security branch isn't supported anymore, even though there was no > > > official announcement about decommissioning. > > > > See http://www.freebsd.org/security/index.html. I quote > > --- > > At this time, security advisories are being released for: > > > > FreeBSD 4.4-RELEASE > > FreeBSD 4.5-RELEASE > > FreeBSD 4.5-STABLE > > > > Older releases are not maintained and users are strongly encouraged to > > upgrade to one of the supported releases mentioned above. > > --- > > > > As Kris Kennaway mentioned on May 8 (security@ archives...), the official > > lifetimes of the security branches are not long, although the security team > > may choose to extend support longer as a courtesy, presumably if they have > > the manpower and interest. > > I see. > > What is the official procedure when somebody not from the security > team want to maintain older releases? For example, as I said there is > significant push from the local community to merge recent security > fixes into older releases, so that it is likely that they could > provide to me with tested patches for older releases they are > interested in. May I merge them into 4.3 security branch without my > commit bit being suspended for inappropriate MFCs into security > branch? Once you've obtained the permission of the security officer, you may commit any change to a _RELEASE tag. There is an historical precedent here, the last time we took 2+ years to get the next major release out the door. Security fixes and such were maintained in the 2.2.x branch for quite some time while 3.0 was being worked on and after it was released but not deemed stable enough for production work by a large number of users. This time we actually have a CVS mechanism in place to help. ;^) Maxim, if this is important enough to you to become a 4.3 maintenance coordinator or some other such fancy title, perhaps you should propose that to the Security Officer. In the meantime, I think he will be quite interested to see proposed patches and MFC/MFS's. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE93084.7C6ADAFF>