Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 May 2002 10:21:08 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Maxim Sobolev <sobomax@FreeBSD.org>
Cc:        dsyphers@uchicago.edu, developers@FreeBSD.ORG, security@FreeBSD.ORG, nectar@FreeBSD.ORG
Subject:   Re: Is 4.3 security branch officially "out of commission"?
Message-ID:  <3CE93084.7C6ADAFF@softweyr.com>
References:  <3CE8C3E2.EBF4EC8F@FreeBSD.org> <200205201008.g4KA8uKl000787@midway.uchicago.edu> <3CE8D057.BEA07F0@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Maxim Sobolev wrote:
> 
> David Syphers wrote:
> >
> > On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> > > Folks,
> > >
> > > I was notified by the members of the local FreeBSD community (we have
> > > a very strong presence of FreeBSD in ISP circles here) that seemingly
> > > 4.3 security branch isn't supported anymore, even though there was no
> > > official announcement about decommissioning.
> >
> > See http://www.freebsd.org/security/index.html.  I quote
> > ---
> > At this time, security advisories are being released for:
> >
> > FreeBSD 4.4-RELEASE
> > FreeBSD 4.5-RELEASE
> > FreeBSD 4.5-STABLE
> >
> > Older releases are not maintained and users are strongly encouraged to
> > upgrade to one of the supported releases mentioned above.
> > ---
> >
> > As Kris Kennaway mentioned on May 8 (security@ archives...), the official
> > lifetimes of the security branches are not long, although the security team
> > may choose to extend support longer as a courtesy, presumably if they have
> > the manpower and interest.
> 
> I see.
> 
> What is the official procedure when somebody not from the security
> team want to maintain older releases? For example, as I said there is
> significant push from the local community to merge recent security
> fixes into older releases, so that it is likely that they could
> provide to me with tested patches for older releases they are
> interested in. May I merge them into 4.3 security branch without my
> commit bit being suspended for inappropriate MFCs into security
> branch?

Once you've obtained the permission of the security officer, you may
commit any change to a _RELEASE tag.

There is an historical precedent here, the last time we took 2+ years to
get the next major release out the door.  Security fixes and such were
maintained in the 2.2.x branch for quite some time while 3.0 was being
worked on and after it was released but not deemed stable enough for
production work by a large number of users.  This time we actually have
a CVS mechanism in place to help. ;^)

Maxim, if this is important enough to you to become a 4.3 maintenance
coordinator or some other such fancy title, perhaps you should propose
that to the Security Officer.  In the meantime, I think he will be 
quite interested to see proposed patches and MFC/MFS's.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE93084.7C6ADAFF>