Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

From: Ivan Voras (ivoras_at_fer.hr)
Date: 10/12/05

  • Next message: Mike Tancsa: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl" 
    Date: Wed, 12 Oct 2005 16:13:53 +0200
To: Tobias Roth <roth@iam.unibe.ch>

    Tobias Roth wrote:
    > On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:

    > And you cannot expect the port maintainers
    > to backport security fixes if the upstream provider chose to release the
    > fix only together with a new version.

    Yes you can, ask these guys: http://www.debian.org/. It's just a matter
    of policy.

    I dislike the long cycles between version updates in Debian but must
    admit that the "stable" distributions indeed justify their name,
    INCLUDING packages.

    My idea is that there could maybe be some "core" ports, about 1500 or
    so, that would get the special treatment of beeing updated in such a
    "stable" fashion on a branch in ports tree tagged (for example)
    RELENG_6_0. These ports would be publically announced as being
    "anchored" to a release and updated (including backporting security
    fixes) for as long as the release is maintained by the FreeBSD's
    security team.
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Mike Tancsa: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"