Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 May 2002 20:25:06 +0300
From:      Maxim Sobolev <sobomax@FreeBSD.org>
To:        hawkeyd@visi.com
Cc:        freebsd-security@freebsd.org
Subject:   Re: Is 4.3 security branch officially "out of commission"?
Message-ID:  <3CE93172.F9E3954A@FreeBSD.org>
References:  <200205201008.g4KA8uKl000787_midway.uchicago.edu@ns.sol.net> <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net> <200205201510.g4KFAes00586@sheol.localdomain>

next in thread | previous in thread | raw e-mail | index | archive | help
D J Hawkey Jr wrote:
> 
> In article <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>,
>         sobomax@FreeBSD.ORG writes:
> > David Syphers wrote:
> >>
> >> On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> >> > Folks,
> >> >
> >> > I was notified by the members of the local FreeBSD community (we have
> >> > a very strong presence of FreeBSD in ISP circles here) that seemingly
> >> > 4.3 security branch isn't supported anymore, even though there was no
> >> > official announcement about decommissioning.
> >>
> >> See http://www.freebsd.org/security/index.html.  I quote
> >> ---
> >> At this time, security advisories are being released for:
> >>
> >> FreeBSD 4.4-RELEASE
> >> FreeBSD 4.5-RELEASE
> >> FreeBSD 4.5-STABLE
> >>
> >> Older releases are not maintained and users are strongly encouraged to
> >> upgrade to one of the supported releases mentioned above.
> >> ---
> >>
> >> As Kris Kennaway mentioned on May 8 (security@ archives...), the official
> >> lifetimes of the security branches are not long, although the security team
> >> may choose to extend support longer as a courtesy, presumably if they have
> >> the manpower and interest.
> >
> > I see.
> >
> > What is the official procedure when somebody not from the security
> > team want to maintain older releases? For example, as I said there is
> > significant push from the local community to merge recent security
> > fixes into older releases, so that it is likely that they could
> > provide to me with tested patches for older releases they are
> > interested in. May I merge them into 4.3 security branch without my
> > commit bit being suspended for inappropriate MFCs into security
> > branch?
> >
> > -Maxim
> 
> Quite apart from what Jacques an Kris lay down as the Official Party
> Line(tm), you might want to look at
> 
>     http://www.visi.com/~hawkeyd/freebsd-backports.html
> 
> It's my own small effort to provide what you - and I - are looking for.

Nice, thank you for the pointer. While I like the idea, but I think
that implementation is somewhat suboptimal for you and for all who
might use this service, as over the time number of patches will grow
and interdependencies between those patches will become more and more
complex. 
In my vision the better way would be to set-up cvs repositiry and
cvsup service on top it, then import FreeBSD releases onto vendor
branches, set up branches with exactly the same names as FreeBSD's
original oned (i.e. RELENG_4_1_0, RELENG_4_2_0 etc) and apply your
backported patches to those brahches. Then, someone with the existing
already unsupported FreeBSD source tree could point his cvsup to your
server and get *all* backported fixes for his particular version. Of
course there should be list of such fixes, prefferable in the cvs
itself, so that people could verify which fixes did they get. If you
are interested, I'm ready to help you with setting this up.

Thanks!

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE93172.F9E3954A>