From owner-freebsd-current@FreeBSD.ORG  Fri Oct  3 23:22:25 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7075316A4B3
	for <current@freebsd.org>; Fri,  3 Oct 2003 23:22:25 -0700 (PDT)
Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8D3FF4400D
	for <current@freebsd.org>; Fri,  3 Oct 2003 23:22:24 -0700 (PDT)
	(envelope-from imp@bsdimp.com)
Received: from localhost (warner@rover2.village.org [10.0.0.1])
	by harmony.village.org (8.12.9p1/8.12.9) with ESMTP id h946MLAD041977;
	Sat, 4 Oct 2003 00:22:21 -0600 (MDT)
	(envelope-from imp@bsdimp.com)
Date: Sat, 04 Oct 2003 00:22:24 -0600 (MDT)
Message-Id: <20031004.002224.56059588.imp@bsdimp.com>
To: barney@databus.com
From: "M. Warner Losh" <imp@bsdimp.com>
In-Reply-To: <20031004014527.GB32411@pit.databus.com>
References: <20031004014527.GB32411@pit.databus.com>
X-Mailer: Mew version 2.2 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: current@freebsd.org
Subject: Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD
 Security Advisory FreeBSD-SA-03:17.procfs]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Oct 2003 06:22:25 -0000

In message: <20031004014527.GB32411@pit.databus.com>
            Barney Wolff <barney@databus.com> writes:
: I'm finally motivated to ask, why don't security advisories contain
: the equivalent revs for -head?  Surely I can't be the only person
: following -current who doesn't build every day.
: 
: This notable omission has been true of every security advisory I
: can remember, and I've never understood it.  If I'm missing some
: logic that makes it the right thing to do, can somebody please
: enlighten me?

It has been the long standing policy of the security officer that
current doesn't get security advisories.  people running current are
assumed to know what they are doing, including being able to dig into
the cvs logs to see if they are impacted or not as well as being
expected to upgrade early and often to avoid such issues.

Maybe these are a bad assumption, since current today (and until we
branch) is a pseudo-stable, but that's the historical reason.

Warner