From owner-freebsd-security Wed Apr 11 12: 2:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 7198837B423 for ; Wed, 11 Apr 2001 12:02:47 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3BJ3If92710; Wed, 11 Apr 2001 15:03:18 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 11 Apr 2001 15:03:18 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Jason DiCioccio Cc: freebsd-security@freebsd.org, sjohn@airlinksys.com Subject: Re: Security Announcements In-Reply-To: <20010411182202.57FBA1363D@bluenugget.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Apr 2001, Jason DiCioccio wrote: > On Wed, 11 Apr 2001 14:06:22 -0400 (EDT) Robert Watson wrote: > > [snip] > > Currently, the charter of the RELENG_4_3 > > branch will be that it simply carries security fixes, although it might > > eventually also carry mission-critical functionality fixes or > > work-arounds. It will also allow users to cvs update/cvsup along that > > branch to pick up all available critical release fixes, without picking up > > new features, and permit easier generation of binary updates to the > > release. > [snip] > > Fantastic, just one question. I might be asking the obvious but I > didn't see it mentioned. Will there be ctm/ftp snapshot tracking > available too for those of us that have machines behind restrictive > firewalls? Sounds like a great idea to me -- I'd certainly anticipated that providing binary snapshots off the branch is something we'd want to do, but I'm not familiar with the CTM mechanisms or maintenance processes. Given that this is "just another branch" from a CVS perspective, all the automated services offered on existing branches could easily be offered on the most recent release branch. Some of the practice here will evolve as needs arise. In any case, I think this will allow us to greatly improve the level of security support we provide to our consumers who follow the normal release cycle but don't track -STABLE -- presumably this is the (silent) majority. My understanding is that BSDi has been hard at work on binary updating tools, so it may be that when that becomes available, we'll have the ingredients necessary to efficiently produce and maintain binary updates. We'll see how that works out. :-) Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message