Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 May 2002 18:12:12 -0700
From:      Wes Peters <wes@softweyr.com>
To:        "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        Maxim Sobolev <sobomax@FreeBSD.ORG>, dsyphers@uchicago.edu, developers@FreeBSD.ORG, security@FreeBSD.ORG, nectar@FreeBSD.ORG
Subject:   Re: Is 4.3 security branch officially "out of commission"?
Message-ID:  <3CE99EEC.49EF91E2@softweyr.com>
References:  <3CE8C3E2.EBF4EC8F@FreeBSD.org> <200205201008.g4KA8uKl000787@midway.uchicago.edu> <3CE8D057.BEA07F0@FreeBSD.org> <3CE93084.7C6ADAFF@softweyr.com> <20020520115715.E1468@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

"Crist J. Clark" wrote:
> 
> On Mon, May 20, 2002 at 10:21:08AM -0700, Wes Peters wrote:
> > Maxim Sobolev wrote:
> 
> [snip]
> 
> > > What is the official procedure when somebody not from the security
> > > team want to maintain older releases? For example, as I said there is
> > > significant push from the local community to merge recent security
> > > fixes into older releases, so that it is likely that they could
> > > provide to me with tested patches for older releases they are
> > > interested in. May I merge them into 4.3 security branch without my
> > > commit bit being suspended for inappropriate MFCs into security
> > > branch?
> >
> > Once you've obtained the permission of the security officer, you may
> > commit any change to a _RELEASE tag.
> 
> ITYM, "you may commit any change to a RELENG_4_? branch." A *_RELEASE
> tag should never ever, ever be touched.

Yes, that is EXACTLY what I mean.  Thanks for catching this, Crist.

> But to repeat, you just need an,
> 
>   Approved by:  security-officer@
> 
> On any commits to a RELENG_?_? branch. (Not to confuse things, but re@
> can also approve non-security changes that are deemed critical
> bug-fixes to these branches.)

I suspect anything that has a local or remote exploit, or that removes
a crash, will be OK'd as well.  We're all in agreement this is a good
idea that just needs some manpower.  I'm certain we'll also agree that
Maxim stepping up to handle RELENG_4_3 is a Very Good Thing.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE99EEC.49EF91E2>