Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

From: Ivan Voras (ivoras_at_fer.hr)
Date: 10/12/05

    Date: Wed, 12 Oct 2005 18:32:36 +0200
    To: Mike Tancsa <mike@sentex.net>
    
    

    Mike Tancsa wrote:
    > At 10:13 AM 12/10/2005, Ivan Voras wrote:

    >> My idea is that there could maybe be some "core" ports, about 1500 or so,
    >
    > This sounds like a recipe for confusion. Some users have problems
    > distinguishing between what's in the base, and what's out of the ports.
    > Another type of "pseudo base app" would just add to the confusion. User

    I agree that "core ports" is a very confusing name... maybe something
    like "ports with extended security support" :)

    > / admins need to take *some* responsibility for what is installed on
    > their system. Many ports are not very well maintained in the first
    > place and to say that the security team should be responsible for
    > another 1500 applications is not realistic.

    No, not the FreeBSD security team - I mentioned them only as a reference
    for "how long does it make sense to support a release". All ports that
    would get the extended support will HAVE to be supported by their
    respective maintainers/authors. Any port whose maintainer doesn't want
    to do it this way will automatically get kicked off the list.

    The reason why I think this would work is that I think that many
    widely-used applications (e.g.: apache, php, mysql, postgresql, perl,
    postfix) are well maintained by their authors and there would certainly
    be an audience among the maintainers themselves for such a thing.

    To summarize:
      - each release would tag the ports tree with RELENG_x_y
      - on that tag, certain ports would be supported security-wise by their
    maintainers for as long as RELENG_x_y itself is supported by the
    security team, being careful to leave the same version of the port (or
    one that's 100% backward compatible).
      - other ports would not be supported/maintained, and will just be
    "frozen in time" by the CVS tag.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

