Re: security fixes
From: Kevin Kinsey, DaleCo, S.P. (kdk@daleco.biz)
Date: 07/04/02
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "brian j. peterson" <rbw@myplace.org>, "Brett Glass" <brett@lariat.org>
Date: Wed, 3 Jul 2002 17:25:55 -0500
Yep, and if *I* wanted a new release every time
the maintainers got around to building one after
disclosure of a security issue, I'd go back to
Windoze ... :-)
[tongue bleeding from compression betwixt
teeth & cheek...]
KDK
----- Original Message -----
From: "brian j. peterson" <rbw@myplace.org>
To: "Brett Glass" <brett@lariat.org>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Wednesday, July 03, 2002 12:23 PM
Subject: Re: security fixes
> [freebsd-security subscribers: this is a response to what i consider to
> be a horribly off-topic thread, so if you prefer to avoid such posts,
> please read no further and accept my apologies for subjecting you to
> even this much.]
>
>
> On Tue, Jul 02, 2002 at 04:06:13PM -0600, Brett Glass wrote:
> >
> > With the flurry of changes going on (including the OpenSSH hole and libc
> > hole in the base install and the Apache vulnerability in the ports and
> > packages), it'd be nice to see an interim release. Who here would be
> > in favor of that? Who, on the FreeBSD Core Team, might make the decision
>
> who here would be in favor of that? very few, i would hope.
>
> i know the last thing i want the FreeBSD team to do is spend all their
> limited volunteered time (and limited donated resources) on creating a new
> -RELEASE for every new security problem that is discovered. this would be
> a gross waste. they already spend plenty of time fixing the security
> problems as they crop up, so apply the patches they supply and recompile
> what you need to and be happy they are so responsive and informative and
> responsible.
>
>
> > to do an interim release before 4.7 (scheduled for October)? (Yes, it
> > takes work to put out a release, but do we really want everyone who wants
> > a secure system to have to install from -STABLE snapshots, running the
> > risk of picking a bad day, for four months?)
>
> of course we don't want a person who wants a secure system to install from
> a -STABLE snapshot, that's why it's not recommended. installs should be
> done with a -RELEASE and then updated as per the requirements of the user.
> if the user simply wants to keep up to date with the latest changes, he
> should update to (and probably track) RELENG_x and subscribe himself to
> the freebsd-stable mailing list. if the user desires security above all
> else, he should update to RELENG_x_y and subscribe himself to the
> freebsd-security-notifications mailing list.
>
> Brett? i've watched you harp on the same damn point for months now, and
> i know i'm not the only one getting tired of it. really, we get it. we
> know you want a brand new installable build for every new security problem
> that is discovered. i've watched you start new threads on this topic.
> i've watched you steer completely unrelated threads to this topic. i've
> watched you start new threads on very specific topics for very specific
> security bugs only to take flying leaps of logic to conclude (in essence)
> "clearly, we need constantly updating -RELEASE builds otherwise we're
> being grossly unethical, mean, and also probably smelly." WE. GET. IT.
>
> we also get that you're full of sound and fury (and whining and moaning),
> and little else. you talk and talk and talk and talk, but you don't
> actually try to DO anything. would a brand new installable build every
> few days be nice? sure. is it feasible? not currently, and probably
> not any time soon. and even if there were a new installable build every
> few days, what then? users would still have to go back and update their
> already installed systems. users would still have to keep informed about
> updates to FreeBSD. you seem to think that the update mechanism isn't
> good enough, and the FreeBSD developers would seem to agree; they are
> working on binary upgrades (as opposed to patch/compile upgrades), but
> these things don't happen overnight. and they don't happen any faster
> with you complaining about things. and they certainly wouldn't happen
> any faster if all of FreeBSD's resources were tied up in building new
> -RELEASEs every twelve minutes. if you are too impatient to wait for
> change to happen, MAKE it happen. get directly involved. contribute
> something tangible. that's the beauty of this FreeBSD thing; if you
> actually have something to contribute, you can actually make a real
> difference.
>
> -Brian
>
> --
> --===-----=======-----------=============-----------------===================
> bjp aka rbw | and did you exchange a walk on part in the war
> rbw@myplace.org | for a lead role in a cage?
> ===================-----------------=============-----------=======-----===--
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>