Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon

At 8:42 AM -0700 10/11/06, Jason Stone wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Though I admit RELENG_4 is getting dusty, it is not rusty. I believe it
is still used in many places because of its stability and performance.
[...]
Is it envisageable to extend the RELENG_4's and RELENG_4_11's EoL
once more ?

Yes, I'm also voting for it.

I realize that resources to keep chasing this stuff are in limited
supply, but if you solicit the opinion of the community, I'd bet
that more people would rather see 4.x support continue than 5.x
support.

While this is an interesting idea, please realize that if we are
supporting 6.x (and we are!), then it is much less work to also
support 5.x than it is to support 4.x instead of 5.x. The effort
for one is not the same as the effort for the other.

But I do agree that this is an interesting idea.

In a different message, Dan Lukes wrote:
Even if no new ports will be compilable on 4.x, even if the
old ports will not be updated with exception of update caused by
security bug, I vote for delaying EOL of 4.11

That's easy to say. But then that security bug will be in an
old version of openssh, and to fix it you'll need to update *both*
openssh and openssl, and to compile openssl you'll need a newer
version of, oh, some compiler. Or the latest libtool. Or it
will assume a variety of changes have been made to base-system
include files under /usr/include/**.h.

(Note that I face this very issue with a variety of old Solaris
and IRIX machines here at work. It's one thing to say "Oh, I'll
just apply one little security fix", and it's another when you
figure out it's going to take you two weeks of solid work to do
successfully do that)

More to the point, we might not even know there *is* a security
exposure in the system you are running. Maybe someone stumbles
upon a new exploit in an ancient version of <some-component>, but
everyone running 5.x and 6.x and 7.x is already running the newer
version. Thus, we won't even know that 4.x users have a serious
security issue which needs to be fixed.

You can't just keep voting to say "support me forever", and have it
cost nothing. Someone, somewhere, has to put up the time and effort
to actually do that support. And realistically, that someone has to
be the people who are actively running 4.x. Me, I have no desire to
run 4.x. I have become too accustomed to a variety of nice features
which are in 6.x. I'm also in the process of replacing two of my PC's
(because they are having hardware trouble), and once I do that I only
have one PC which will even bootup in 4.x -- and that is a 10-year-old
PC which I hope to replace before the end of the year.

(of course, I'm only one freebsd developer, and I do not claim to
be speaking for security@freebsd or re@freebsd. I'm just saying, more
and more FreeBSD developers are actively running on newer hardware,
and thus that is where their expertise is...)

--
Garance Alistair Drosehn = gad@xxxxxxxxxxxxxxxxxxxx
Senior Systems Programmer or gad@xxxxxxxxxxx
Rensselaer Polytechnic Institute or drosih@xxxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • FW: {RTCProd#003-520-317}Windows Update Support Request
    ... support policy for Windows NT 4.0 Workstation SP6a. ... The Microsoft Support Lifecycle defines the support policies for all ... This means that after this date, Microsoft would no longer create ... security fixes for this platform, nor automatically post to WU, etc. ...
    (NT-Bugtraq)
  • Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon
    ... that more people would rather see 4.x support continue than 5.x ... old version of openssh, and to fix it you'll need to update *both* ... (Note that I face this very issue with a variety of old Solaris ... just apply one little security fix", ...
    (freebsd-stable)
  • RE: Vendor wants remote control of our Servers and Workstations
    ... Of course the age-old problem with security is that ... Vendor has significant access to your internal ... this vendor uses the same method to support a number ... customer and makes significant changes ... ...
    (Security-Basics)
  • Re: The Register: OpenVMS among most-secure of operating systems
    ... >story with out of support versions of VMS/OpenVMS as well. ... >Take LAND there is no CERT advisory for LAND refering to ... You have claimed that CERT advisory counts is ... not a good measure of the relative security of a system. ...
    (comp.os.vms)
  • Re: OT: Why Truman dropped the bomb
    ... > employing their own security guards on every flight. ... > Yet what's this administration's response? ... > drugs, but they're far less dangerous than alcohol, ... I don't see support for the Iraq war ...
    (rec.music.classical.recordings)