Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 10/13/05
- Previous message: jere: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- In reply to: Ivan Voras: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- Next in thread: Colin Percival: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 13 Oct 2005 15:29:01 +0200 To: Ivan Voras <ivoras@fer.hr>
> >On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
>
> >And you cannot expect the port maintainers
> >to backport security fixes if the upstream provider chose to release the
> >fix only together with a new version.
>
> Yes you can, ask these guys: http://www.debian.org/. It's just a matter
> of policy.
OTOH, Debian packages maintainers chose to do this work whereas asking
FreeBSD ports maintainers to do this extra work just now is awkward.
Yes, the FreeBSD project could still ask for volunteers for this job
but anyway I noticed that this kind of policy leads to delayed package
updates whereas merely changing the Makefile in order to upgrade the
port is very quick.
The best example I can give to this is Firefox. Recently we have seen
a great increase of security advisories about it. As both a FreeBSD and
Debian user I have to admit that the FreeBSD port is often updated before
the Debian package (however I must also admit this compares somewhat
the two maintainers).
Eventually I would say that when someone administers a network, I
think it is his own responsability to choose softwares whose release
process is serious enough - which used to be a major reason for using
FreeBSD - and it is not the responsability of FreeBSD to overcome their
deficiencies.
Regards,
-- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: jere: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- In reply to: Ivan Voras: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- Next in thread: Colin Percival: "Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
