Date: Mon, 2 Oct 2000 13:44:22 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: James Wyatt <jwyatt@rwsystems.net>, Brett Glass <brett@lariat.org>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <200010021944.NAA18121@nomad.yogotech.com> In-Reply-To: <21970.970515180@critter> References: <Pine.BSF.4.10.10010021410490.43354-100000@bsdie.rwsystems.net> <21970.970515180@critter>
next in thread | previous in thread | raw e-mail | index | archive | help
> >> >>3.4 is a dead branch, 2.x even more so. > >> > > >> >People are still running it 3.x, though. LOTS of people. > >> > >> Doesn't change the fact that it's a dead branch. > > > >Doesn't change the fact that "LOTS of people" are still running it... > >Geez, what a curt, rude, throw-your-hands-up answer. > > > >Are you saying that if we found a terrible bug (not this easy one) > >somewhere critical in 3.5.%d, we'd all have to immediatly upgrade? - Jy@ > > Yes, I am saying that. FWIW, I agree with Poul. We don't have the resources to support anything but '-stable', so if have an older release and need a bug-fix, you're forced to support yourself (ie; provide a bug-fix on your own), or you must upgrade to the most recent '-stable' bits. For those of you with more of a clue, it's not that difficult to support older versions of FreeBSD. For example, a firewall at my old employer is still running FreeBSD 2.2.8-stable, and aside from local exploits, the box is both stable and pretty dang secure. All code (userland and kernel) with known remote exploits have either been upgraded (sendmail, BIND, etc...), or the kernel modifications have been merged in and/or ported back to FreeBSD 2.2 by myself from newer releases. Since I'm no longer with the company, it hasn't been as actively maintained, but on the flip side, it hasn't needed much maintainence. I still keep in contact with the current sys-ad, and if a problem that effects him comes up, I'll let him know. Who knows, he might hire me to fix the bug. :) :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010021944.NAA18121>