Date: Wed, 3 Jul 2002 17:25:55 -0500 From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: "brian j. peterson" <rbw@myplace.org>, "Brett Glass" <brett@lariat.org> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: security fixes Message-ID: <0f8501c222e0$9982cca0$edec910c@fbccarthage.com> References: <009201c2213a$dd3a4b00$edec910c@fbccarthage.com> <4.3.2.7.2.20020702155758.00e9a2c0@localhost> <20020703172337.GD32703@malkavian.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Yep, and if *I* wanted a new release every time the maintainers got around to building one after disclosure of a security issue, I'd go back to Windoze ... :-) [tongue bleeding from compression betwixt teeth & cheek...] KDK ----- Original Message ----- From: "brian j. peterson" <rbw@myplace.org> To: "Brett Glass" <brett@lariat.org> Cc: <freebsd-security@FreeBSD.ORG> Sent: Wednesday, July 03, 2002 12:23 PM Subject: Re: security fixes > [freebsd-security subscribers: this is a response to what i consider to > be a horribly off-topic thread, so if you prefer to avoid such posts, > please read no further and accept my apologies for subjecting you to > even this much.] > > > On Tue, Jul 02, 2002 at 04:06:13PM -0600, Brett Glass wrote: > > > > With the flurry of changes going on (including the OpenSSH hole and libc > > hole in the base install and the Apache vulnerability in the ports and > > packages), it'd be nice to see an interim release. Who here would be > > in favor of that? Who, on the FreeBSD Core Team, might make the decision > > who here would be in favor of that? very few, i would hope. > > i know the last thing i want the FreeBSD team to do is spend all their > limited volunteered time (and limited donated resources) on creating a new > -RELEASE for every new security problem that is discovered. this would be > a gross waste. they already spend plenty of time fixing the security > problems as they crop up, so apply the patches they supply and recompile > what you need to and be happy they are so responsive and informative and > responsible. > > > > to do an interim release before 4.7 (scheduled for October)? (Yes, it > > takes work to put out a release, but do we really want everyone who wants > > a secure system to have to install from -STABLE snapshots, running the > > risk of picking a bad day, for four months?) > > of course we don't want a person who wants a secure system to install from > a -STABLE snapshot, that's why it's not recommended. installs should be > done with a -RELEASE and then updated as per the requirements of the user. > if the user simply wants to keep up to date with the latest changes, he > should update to (and probably track) RELENG_x and subscribe himself to > the freebsd-stable mailing list. if the user desires security above all > else, he should update to RELENG_x_y and subscribe himself to the > freebsd-security-notifications mailing list. > > Brett? i've watched you harp on the same damn point for months now, and > i know i'm not the only one getting tired of it. really, we get it. we > know you want a brand new installable build for every new security problem > that is discovered. i've watched you start new threads on this topic. > i've watched you steer completely unrelated threads to this topic. i've > watched you start new threads on very specific topics for very specific > security bugs only to take flying leaps of logic to conclude (in essence) > "clearly, we need constantly updating -RELEASE builds otherwise we're > being grossly unethical, mean, and also probably smelly." WE. GET. IT. > > we also get that you're full of sound and fury (and whining and moaning), > and little else. you talk and talk and talk and talk, but you don't > actually try to DO anything. would a brand new installable build every > few days be nice? sure. is it feasible? not currently, and probably > not any time soon. and even if there were a new installable build every > few days, what then? users would still have to go back and update their > already installed systems. users would still have to keep informed about > updates to FreeBSD. you seem to think that the update mechanism isn't > good enough, and the FreeBSD developers would seem to agree; they are > working on binary upgrades (as opposed to patch/compile upgrades), but > these things don't happen overnight. and they don't happen any faster > with you complaining about things. and they certainly wouldn't happen > any faster if all of FreeBSD's resources were tied up in building new > -RELEASEs every twelve minutes. if you are too impatient to wait for > change to happen, MAKE it happen. get directly involved. contribute > something tangible. that's the beauty of this FreeBSD thing; if you > actually have something to contribute, you can actually make a real > difference. > > -Brian > > -- > --===-----=======-----------=============-----------------================ === > bjp aka rbw | and did you exchange a walk on part in the war > rbw@myplace.org | for a lead role in a cage? > ===================-----------------=============-----------=======-----===- - > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0f8501c222e0$9982cca0$edec910c>