Date:      Tue, 2 Jul 2002 19:25:56 -0400 (EDT)
From:      Chris BeHanna <behanna@zbzoom.net>
To:        FreeBSD Security <security@freebsd.org>
Subject:   Re: security fixes
Message-ID:  <20020702191848.O13868-100000@topperwein.dyndns.org>
In-Reply-To: <20020702230034.1316.qmail@web10104.mail.yahoo.com>

On Tue, 2 Jul 2002, twig les wrote:

> Absolute agreement.

    OK, then.  Ante up, say, $7000 apiece to get two people working on
this full-time, and you might get 4.6.1 in six weeks.[1]

    As an alternative, for your customers, you might build a custom
release from a known working snapshot of -STABLE that you've tested
the bejeezus out of.

> --- Brett Glass <brett@lariat.org> wrote:
> > At 11:22 AM 7/2/2002, Wincent Colaiuta wrote:
> >
> > >So on production systems track RELENG_4_6 now, and when that stops
> > >being updated, start tracking RELENG_4_7, and so on....
> >
> > With the flurry of changes going on (including the OpenSSH hole
> > and libc hole in the base install and the Apache vulnerability in
> > the ports and packages), it'd be nice to see an interim release.
> > Who here would be in favor of that? Who, on the FreeBSD Core Team,
> > might make the decision to do an interim release before 4.7
> > (scheduled for October)? (Yes, it takes work to put out a release,
> > but do we really want everyone who wants a secure system to have
> > to install from -STABLE snapshots, running the risk of picking a
> > bad day, for four months?)

-- 
Chris BeHanna                      http://www.pennasoft.com
Principal Consultant
PennaSoft Corporation
chris@pennasoft.com

[1]  I am neither a committer, nor a member of core, nor a member of
     the RE team.[2]  I can't make this commitment on their behalf.  I
     wrote this to illustrate to you what kind of effort is involved,
     and what kind of time frame is involved.[3][4]

[2]  I was the RE at my last job.  I know firsthand that it ain't just
     turning a crank on a CVS snapshot to get a release.

[3]  Unless the FreeBSD Project is willing to postpone or drop
     5.0-DP2, which I highly doubt, or to postpone or drop 5.0-RELEASE,
     which I highly doubt, or to postpone or drop 4.7-RELEASE, which I
     highly doubt.  There's too much going on in this *volunteer*
     project to cater to everyone's whim, desire, or hobby horse.

[4]  The effort to put some of these changes into RELENG_4_6 is
     somewhat less, but still nontrivial and, again, it's not my call.
     It's far more likely to happen if you offer to do some or all of
     the work.

