From owner-freebsd-security Sat Oct 7 20:38:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2281A37B66C; Sat, 7 Oct 2000 20:38:47 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id XAA90825; Sat, 7 Oct 2000 23:36:05 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sat, 7 Oct 2000 23:36:05 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Jeffrey J. Mountin" Cc: "Matthew D. Fuller" , Jordan Hubbard , John Baldwin , freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG Subject: Re: Stable branch In-Reply-To: <4.3.2.20001007214506.00bb7c10@207.227.119.2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 7 Oct 2000, Jeffrey J. Mountin wrote: > Now your earlier proposal makes better sense. At lot more for the > CVS-meisters to deal with, but they can answer that magic question. > Also may be an issue to branch old releases, then it might be worth > doing all the branching at one time and disallowing access. Well, at least for the purposes of the release engineer, the major change is adding a "-b" to the CVS tag operation. However, and important question, which you raised in a prior e-mail, is whether or not this places an undue burden on CVS due to expensive branch handling. My hope is that it would be not, but presumably a CVS meister (Peter?) should enlighten us. I have no idea how branching for older versions would work: it may be that we just start doing this now, for new releases. > Then the question would be for how long do we want to do patches for old > releases. Which is a question we've always been faced with, only hopefully this will make life easier. With the recent security issues, we've had some luck in identifying people who are willing to backport fixes (Alfred, Jeroen). I'd certainly be willing to pick up some load, and Kris has demonstrated interest in covering the most recent -STABLE and -CURRENT trees. > One other idea that cropped up would be if we want to set this up for > the more troublesome releases like 3.2 to force them to upgrade to a > later version. Think that only 3.4+ should be considered due to a large > enough install base to consider. Yes, I think it would be reasonable, for older versions and -STABLE branches, to limit the scope in which fixes are available -- i.e., put them into the head of the -STABLE branch, and the last -RELEASE on the branch. Thanks, Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message