From owner-freebsd-security@freebsd.org Sun Dec 10 19:14:53 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52D23E971EF for ; Sun, 10 Dec 2017 19:14:53 +0000 (UTC) (envelope-from dan@obluda.cz) Received: from smtp1.ms.mff.cuni.cz (smtp1.ms.mff.cuni.cz [IPv6:2001:718:1e03:801::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "submission.mff.cuni.cz", Issuer "TERENA SSL CA 3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EB5597D4F9 for ; Sun, 10 Dec 2017 19:14:52 +0000 (UTC) (envelope-from dan@obluda.cz) X-SubmittedBy: id 100000045929 subject /DC=org/DC=terena/DC=tcs/C=CZ/O=Charles+20University/CN=Dan+20Lukes+20100000045929 issued by /C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA+20eScience+20Personal+20CA+203 auth type TLS.MFF Received: from [10.20.12.2] ([194.108.204.138]) (authenticated) by smtp1.ms.mff.cuni.cz (8.15.2/8.15.2) with ESMTPS id vBAJEjw1035313 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Sun, 10 Dec 2017 20:14:50 +0100 (CET) (envelope-from dan@obluda.cz) Subject: Re: [FreeBSD-Announce] FreeBSD 11.0 end-of-life To: freebsd-security References: <20171208192538.C5C4D1C234@freefall.freebsd.org> <23084.52304.918811.943377@hergotha.csail.mit.edu> From: Dan Lukes Message-ID: <10e888e2-7d56-a45e-ecff-fa4dc14eadc4@obluda.cz> Date: Sun, 10 Dec 2017 20:14:45 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.1 MIME-Version: 1.0 In-Reply-To: <23084.52304.918811.943377@hergotha.csail.mit.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 19:14:53 -0000 On 10.12.2017 6:55, Garrett Wollman wrote: > we have only two windows a year when I can actually > deploy it (after testing) -- from 12/26 to 12/30, and from the Monday > after the first Saturday in June until the Friday before the first > Monday in September. Like me ... > I'll be rolling out 11.1 later this > month, but if 11.2 were to happen in March I'd be SOL before I could > even think about upgrading. I'm maintaining FreeBSDs installation in few independent companies (about 30 servers or so in total) and I'm in risk of the same. I has been forced to create workaround to mitigate the consequences. I'm have local copy of source repository with some own patches[1] already. Thus I can just back-port 11.2 SA (if there will be some) into our 11.1 repository to support 11.1 for two next upgrade windows (e.g. to end of 2018 if 11.2 will be released on March). Dan 1) There are few bug reported, including patches, ignored by FreeBSD's committers for long time. But most of our local patches are related to enhancements we are missing, support for unsupported devices or so.