Date: Fri, 24 Oct 1997 21:40:43 -0600 (MDT)
From: Nate Williams <nate@mt.sri.com>
To: Alfred Perlstein <perlsta@cs.sunyit.edu>
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, hackers@freebsd.org
Subject: Re: why is freebsd distributed like this?
Message-ID: <199710250340.VAA22910@rocky.mt.sri.com>
In-Reply-To: <Pine.BSF.3.96.971024215119.6289B-100000@server.local.sunyit.edu>
References: <24971.877729659@time.cdrom.com> <Pine.BSF.3.96.971024215119.6289B-100000@server.local.sunyit.edu>

> Why are there releases floating around with security holes in them?
> certain 'fixes' that are trivial but necessary like the procfs patch
> should be applied all around the source tree as soon as possible.

Umm, they were? But, it's really hard to delete releases from CD's.

All security bugs are 'fixed' in the trees as soon as possible. But, new bugs/problems are found, and you can't go change bits already set in stone.

If people aren't watching the security mailing list, then there's nothing we can do about it. And, the fact of the matter is that it costs too much money for WC to burn all the CD's and build new ones for every security bug that crops up. If people aren't willing to 'keep up' with their vendor (ie; us) and find out about bugs, then there's nothing we can do given the current resources.

Even Sun doesn't let its users know about security violations 'on their own' and we pay them 10's of thousands of dollars a year.

Nate