Date: Mon, 18 Mar 2002 19:00:06 -0500
From: Steve Shorter <steve@nomad.lets.net>
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib
Message-ID: <20020318190006.A66422@nomad.lets.net>
In-Reply-To: <5.1.0.14.0.20020318173139.0537c438@pop3s.schulte.org>; from schulte%2Bfreebsd@nospam.schulte.org on Mon, Mar 18, 2002 at 05:48:23PM -0600
References: <4.3.2.7.2.20020318140507.00e58dc0@nospam.lariat.org> <4.3.2.7.2.20020318140507.00e58dc0@nospam.lariat.org> <20020318181917.B66347@nomad.lets.net> <5.1.0.14.0.20020318173139.0537c438@pop3s.schulte.org>

On Mon, Mar 18, 2002 at 05:48:23PM -0600, Christopher Schulte wrote:
> At 06:19 PM 3/18/2002 -0500, Steve Shorter wrote:
> > What is lacking in FreeBSD is a 4.5-RELEASE with
> >security fixes AND bug fixes.
> >
> > -STABLE includes "new material" which can be unstable.
> >And -SECURITY only has "security fixes" but not bug fixes
> >in general, since the last RELEASE.
>
> RELENG_4_X was (still is) open to critical bug fixes, but generally it's
> used for critical *security* related bug fixes. The problem is (at least)
> twofold as I see it:
>
> 2) How to draw a line in the sand and decide what will be committed to
> RELENG_4_X as a fix, and what will require a tracking of -STABLE or the
> next -RELEASE. The last thing I want is a second -STABLE branch with lots
> of code updates, thus decreasing the overall stability.

I agree mostly with your points, but is it not possible to

1) Eliminate new code, i.e. as in -STABLE development, but
have bug fixes for only existing code.

2) Eliminate "bugs in general" as the basis for a
secure system. Otherwise your "secure" branch remains buggy
and therefore less secure, since many security failures
originate in buggy code.

3) A -SECURITY branch that contains buggy filesystem etc ...
code is simply less desirable and less usable. For example
I intended to stay with 4.3-SECURITY at one time but
am continually forced to upgrade because of unfixed bugs
in -SECURITY, though I don't want to.

-steve
