From: Barney Wolff
To: current@freebsd.org
Date: Fri, 3 Oct 2003 22:48:53 -0400
Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs]
Message-ID: <20031004024852.GA49129@pit.databus.com>

On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
>
> ... The rule is that changes are always committed to
> -CURRENT first, unless they do not apply. This rule is rarely
> broken in FreeBSD, and certainly never broken for security issues.

That's of course expected and appreciated. But consider the different
actions required of a reasonably paranoid FreeBSD SA on receipt of a
security advisory:

If following anything but -current, cvsup and check the versions of the
listed files.

If following -current, either trust that the updates made it to the
mirror of choice, or look up on www.freebsd.org what the latest versions
of the listed files are and check that you have them.

Since the SO is presumably taking the changes from -current, I hope it
would not be too much of an imposition to list those versions in the
advisory as well.

Thanks,
Barney

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
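The check described in the message above, comparing the file revisions in a local source tree against the revisions an advisory lists, as an added example that is not part of the original post. It assumes each file carries an expanded `$FreeBSD$` CVS keyword; the paths, revisions, file contents and helper names are constructed for illustration.

```python
import re

# Expanded CVS keyword: "$FreeBSD: <path>,v <revision> <date> <time> <user> <state> $"
IDENT_RE = re.compile(r"\$FreeBSD: (\S+),v (\d+(?:\.\d+)+) ")

def parse_ident(text):
    """Return (path, revision) from the first $FreeBSD$ tag, or None."""
    m = IDENT_RE.search(text)
    return (m.group(1), m.group(2)) if m else None

def rev_status(have, need):
    """Compare CVS revisions numerically; a string compare ranks 1.9 above 1.10."""
    h = [int(x) for x in have.split(".")]
    n = [int(x) for x in need.split(".")]
    if len(h) != len(n) or h[:-1] != n[:-1]:
        return "other-branch"  # e.g. 1.3.2.1 vs 1.7: different line of development
    return "ok" if h[-1] >= n[-1] else "stale"

def check_tree(advisory, tree):
    """advisory: {path: corrected revision}; tree: {path: file contents}."""
    report = {}
    for path, need in advisory.items():
        ident = parse_ident(tree.get(path, ""))
        if ident is None or ident[0] != path:
            report[path] = "no-ident"  # file missing or keyword not expanded
        else:
            report[path] = rev_status(ident[1], need)
    return report

# Constructed sample data: revisions as an advisory might list them for one branch.
ADVISORY = {
    "src/sys/example/foo.c": "1.10",
    "src/sys/example/bar.c": "1.4",
    "src/sys/example/baz.c": "1.7",
    "src/sys/example/qux.c": "1.2",
}
# Constructed file contents standing in for a checked-out tree.
TREE = {
    "src/sys/example/foo.c": "/* $FreeBSD: src/sys/example/foo.c,v 1.9 2003/09/01 10:00:00 someone Exp $ */\n",
    "src/sys/example/bar.c": "/* $FreeBSD: src/sys/example/bar.c,v 1.4 2003/10/03 10:00:00 someone Exp $ */\n",
    "src/sys/example/baz.c": "/* $FreeBSD: src/sys/example/baz.c,v 1.3.2.1 2003/10/03 10:00:00 someone Exp $ */\n",
}

if __name__ == "__main__":
    for path, status in check_tree(ADVISORY, TREE).items():
        print(f"{status:13} {path}")
```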