From owner-freebsd-security Mon May 20 10:26:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246]) by hub.freebsd.org (Postfix) with ESMTP id 1E53E37B6F4 for ; Mon, 20 May 2002 10:25:03 -0700 (PDT) Received: from vega.vega.com (195.5.51.243 [195.5.51.243]) by sdns.kv.ukrtel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id J9KHZZCN; Mon, 20 May 2002 20:26:53 +0300 Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1]) by vega.vega.com (8.11.6/8.11.3) with ESMTP id g4KHOwc03847; Mon, 20 May 2002 20:24:58 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) Message-ID: <3CE93172.F9E3954A@FreeBSD.org> Date: Mon, 20 May 2002 20:25:06 +0300 From: Maxim Sobolev Organization: Vega International Capital X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en,uk,ru MIME-Version: 1.0 To: hawkeyd@visi.com Cc: freebsd-security@freebsd.org Subject: Re: Is 4.3 security branch officially "out of commission"? References: <200205201008.g4KA8uKl000787_midway.uchicago.edu@ns.sol.net> <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net> <200205201510.g4KFAes00586@sheol.localdomain> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org D J Hawkey Jr wrote: > > In article <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>, > sobomax@FreeBSD.ORG writes: > > David Syphers wrote: > >> > >> On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote: > >> > Folks, > >> > > >> > I was notified by the members of the local FreeBSD community (we have > >> > a very strong presence of FreeBSD in ISP circles here) that seemingly > >> > 4.3 security branch isn't supported anymore, even though there was no > >> > official announcement about decommissioning. > >> > >> See http://www.freebsd.org/security/index.html. I quote > >> --- > >> At this time, security advisories are being released for: > >> > >> FreeBSD 4.4-RELEASE > >> FreeBSD 4.5-RELEASE > >> FreeBSD 4.5-STABLE > >> > >> Older releases are not maintained and users are strongly encouraged to > >> upgrade to one of the supported releases mentioned above. > >> --- > >> > >> As Kris Kennaway mentioned on May 8 (security@ archives...), the official > >> lifetimes of the security branches are not long, although the security team > >> may choose to extend support longer as a courtesy, presumably if they have > >> the manpower and interest. > > > > I see. > > > > What is the official procedure when somebody not from the security > > team want to maintain older releases? For example, as I said there is > > significant push from the local community to merge recent security > > fixes into older releases, so that it is likely that they could > > provide to me with tested patches for older releases they are > > interested in. May I merge them into 4.3 security branch without my > > commit bit being suspended for inappropriate MFCs into security > > branch? > > > > -Maxim > > Quite apart from what Jacques an Kris lay down as the Official Party > Line(tm), you might want to look at > > http://www.visi.com/~hawkeyd/freebsd-backports.html > > It's my own small effort to provide what you - and I - are looking for. Nice, thank you for the pointer. While I like the idea, but I think that implementation is somewhat suboptimal for you and for all who might use this service, as over the time number of patches will grow and interdependencies between those patches will become more and more complex. In my vision the better way would be to set-up cvs repositiry and cvsup service on top it, then import FreeBSD releases onto vendor branches, set up branches with exactly the same names as FreeBSD's original oned (i.e. RELENG_4_1_0, RELENG_4_2_0 etc) and apply your backported patches to those brahches. Then, someone with the existing already unsupported FreeBSD source tree could point his cvsup to your server and get *all* backported fixes for his particular version. Of course there should be list of such fixes, prefferable in the cvs itself, so that people could verify which fixes did they get. If you are interested, I'm ready to help you with setting this up. Thanks! -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message