Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Oct 2000 19:21:58 -0700
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Jordan Hubbard <jkh@winston.osd.bsdi.com>
Cc:        Kris Kennaway <kris@FreeBSD.ORG>, Paul Richards <paul@originative.co.uk>, Christopher Masto <chris@netmonger.net>, Warner Losh <imp@village.org>, Joseph Scott <joseph.scott@owp.csus.edu>, Brian Somers <brian@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ]
Message-ID:  <20001003192158.A14805@freefall.freebsd.org>
In-Reply-To: <85378.970625261@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Tue, Oct 03, 2000 at 07:07:41PM -0700
References:  <kris@FreeBSD.ORG> <85378.970625261@winston.osd.bsdi.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 03, 2000 at 07:07:41PM -0700, Jordan Hubbard wrote:

> Or maybe I'm just smoking crack, but I honestly believe we have to at
> least try this.  FreeBSD has really done some major growing up as OS

I was agreeing with the "try this and see if it works", just not the
"and it will be better" implication by announcing that 3.x will be
supported better, even before anyone's made the attempt and tried not
to fail at it :-)

> > Speaking for myself as part of the security team, I don't want to
> > support 3.x for security fixes any more, since it's been just too damn
> 
> To me, this is only an argument that you need more help, not that the
> fundamental idea of supporting security fixes for 3.x is somehow
> unsound. :-) It seems like you essentially agree in your next two
> paragraphs anyway, so can we now see a show of hands for "deputies"
> who'd be willing to work on back-porting even just security
> enhancements to 3.x (and, eventually, 4.x)?

The idea of supporting 2.x fixes isn't fundamentally unsound either,
it's just that no-one cares enough to do the work. So if someone wants
to take on the job of backporting 3.x fixes, we can keep doing it,
otherwise if no-one is we'll stop (based on discussions amongst the
security officer team I think it's fair to say none of us have the
time/desire to do it)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001003192158.A14805>