From owner-freebsd-security  Wed Dec  4 15:34:19 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.3/8.7.3) id PAA22085
          for security-outgoing; Wed, 4 Dec 1996 15:34:19 -0800 (PST)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA22076
          for <freebsd-security@freebsd.org>; Wed, 4 Dec 1996 15:34:14 -0800 (PST)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id QAA12288; Wed, 4 Dec 1996 16:34:02 -0700 (MST)
Date: Wed, 4 Dec 1996 16:34:02 -0700 (MST)
Message-Id: <199612042334.QAA12288@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: Richard Wackerbarth <rkw@dataplex.net>
Cc: Nate Williams <nate@mt.sri.com>, freebsd-security@freebsd.org
Subject: Re: Sendmail 8.8.4 questions...
In-Reply-To: <l03010900aecbaaf1bdaa@[204.69.236.50]>
References: <199612041958.NAA21344@alecto.physics.uiuc.edu>
	<199612041951.MAA11333@rocky.mt.sri.com>
	<199612042058.NAA11575@rocky.mt.sri.com>
	<l03010900aecbaaf1bdaa@[204.69.236.50]>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Richard Wackerbarth writes:
> >That would be 2.1.6.1.  And, it's a good release except for bugs that
> >weren't known about until *after* it was set in stone such as the
> >sendmail bug.
> 
> And a very few changes have been committed since then.

I don't think so.  Changes have been committed since 2.1.6, but not
since it was frozen.

> IMHO, such security problem patches SHOULD get committed to the 2.1 tree
> UNTIL 2.2 has proven itself. Since 2.2 is just now in "beta", I would guess
> that might be around March, 1997.

Huh?  2.2 is going to be released *long* before that time.  In order for
it to 'become' proven, it has to be used.  If people aren't willing to
test it then it'll never be 'stable'.

I've stated in the past that if people are willing to submit patches for
the 2.1-stable branch I'd commit them, and I got *ZERO* response.  I'm
not longer willing to do it simply because I don't have time for it and
obviously no-one who cares is willing to do anything about it, but
instead expect the developers to do it for them.

2.1.* is dead in my mind, and I suspect many others.  It lived long past
it's usefulness in the developers mind.

Nate