Date: Sat, 04 Oct 2003 00:22:24 -0600 (MDT) From: "M. Warner Losh" <imp@bsdimp.com> To: barney@databus.com Cc: current@freebsd.org Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs] Message-ID: <20031004.002224.56059588.imp@bsdimp.com> In-Reply-To: <20031004014527.GB32411@pit.databus.com> References: <20031004014527.GB32411@pit.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20031004014527.GB32411@pit.databus.com>
Barney Wolff <barney@databus.com> writes:
: I'm finally motivated to ask, why don't security advisories contain
: the equivalent revs for -head? Surely I can't be the only person
: following -current who doesn't build every day.
:
: This notable omission has been true of every security advisory I
: can remember, and I've never understood it. If I'm missing some
: logic that makes it the right thing to do, can somebody please
: enlighten me?
It has been the long standing policy of the security officer that
current doesn't get security advisories. people running current are
assumed to know what they are doing, including being able to dig into
the cvs logs to see if they are impacted or not as well as being
expected to upgrade early and often to avoid such issues.
Maybe these are a bad assumption, since current today (and until we
branch) is a pseudo-stable, but that's the historical reason.
Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031004.002224.56059588.imp>