From owner-freebsd-security Wed Dec 4 15:48:22 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.8.3/8.7.3) id PAA22827 for security-outgoing; Wed, 4 Dec 1996 15:48:22 -0800 (PST) Received: from gateway.skipstone.com (root@GATEWAY.SKIPSTONE.COM [198.214.10.129]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA22820 for ; Wed, 4 Dec 1996 15:48:16 -0800 (PST) Received: from bugs.skipstone.com (bugs.skipstone.com [204.69.236.2]) by gateway.skipstone.com (8.7.4/8.6.9) with ESMTP id RAA23512; Wed, 4 Dec 1996 17:47:22 -0600 Received: from [204.69.236.50] (hotapplepie.skipstone.com [204.69.236.50]) by bugs.skipstone.com (8.7.5/8.7.3) with ESMTP id RAA16846; Wed, 4 Dec 1996 17:48:14 -0600 X-Sender: rkw@mail.dataplex.net Message-Id: In-Reply-To: <199612042334.QAA12288@rocky.mt.sri.com> References: <199612041958.NAA21344@alecto.physics.uiuc.edu> <199612041951.MAA11333@rocky.mt.sri.com> <199612042058.NAA11575@rocky.mt.sri.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 4 Dec 1996 17:48:12 -0600 To: Nate Williams From: Richard Wackerbarth Subject: Re: Sendmail 8.8.4 questions... Cc: freebsd-security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Richard Wackerbarth writes: >> >That would be 2.1.6.1. And, it's a good release except for bugs that >> >weren't known about until *after* it was set in stone such as the >> >sendmail bug. >> >> And a very few changes have been committed since then. > >I don't think so. Changes have been committed since 2.1.6, but not >since it was frozen. WRONG! Look at the ctm updates in the archive. They are triggered by SOME change in the CVS tree for the 2_1_0 tag. >> IMHO, such security problem patches SHOULD get committed to the 2.1 tree >> UNTIL 2.2 has proven itself. Since 2.2 is just now in "beta", I would guess >> that might be around March, 1997. > >Huh? 2.2 is going to be released *long* before that time. In order for >it to 'become' proven, it has to be used. If people aren't willing to >test it then it'll never be 'stable'. I agree. However, until it IS proven, we still need a reliable system for "mission critical" assignments. Those need to get "security" fixes. >2.1.* is dead in my mind, and I suspect many others. It lived long past >it's usefulness in the developers mind. That is a "developer's" attitude. If we wish to really have FreeBSD used in commercial environments, we need to adopt more of a "user's" attitude. I'm not advocating ANY changes other than SECURITY fixes at this point. I would hope that the same sendmail that works in 2.2 also works in 2.1.6+. If we need to test that before committing, I'll do so.