From: security-officer@freebsd.org
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Date: Mon, 2 Feb 2015 21:16:37 GMT
Subject: [FreeBSD-Announce] Reminder: FreeBSD 10.0 end-of-life approaching

Dear FreeBSD community,

At 00:00 UTC, February 28, 2015, FreeBSD 10.0 will reach end-of-life and
will no longer be supported by the FreeBSD Security Team. Users of
FreeBSD 10.0 are strongly encouraged to upgrade to a newer release as
soon as possible.

The currently supported branches and releases and their expected
end-of-life dates are:

+----------------------------------------------------------------------------+
|   Branch  |   Release  |  Type  |   Release Date   |     Estimated EoL     |
+-----------+------------+--------+------------------+-----------------------+
|stable/8   |n/a         |n/a     |n/a               |June 30, 2015          |
+-----------+------------+--------+------------------+-----------------------+
|releng/8.4 |8.4-RELEASE |Extended|June 9, 2013      |June 30, 2015          |
+-----------+------------+--------+------------------+-----------------------+
|stable/9   |n/a         |n/a     |n/a               |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/9.3 |9.3-RELEASE |Extended|July 16, 2014     |December 31, 2016      |
+-----------+------------+--------+------------------+-----------------------+
|stable/10  |n/a         |n/a     |n/a               |last release + 2 years |
+-----------+------------+--------+------------------+-----------------------+
|releng/10.0|10.0-RELEASE|Normal  |January 20, 2014  |February 28, 2015      |
+-----------+------------+--------+------------------+-----------------------+
|releng/10.1|10.1-RELEASE|Extended|November 14, 2014 |December 31, 2016      |
+----------------------------------------------------------------------------+

Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.

--
Xin Li
FreeBSD Deputy Security Officer

From: Matthew Seaman
To: freebsd-announce@freebsd.org
Reply-To: freebsd-current@freebsd.org
Date: Tue, 3 Feb 2015 18:00:19 +0000
Subject: [FreeBSD-Announce] Changes to the FreeBSD Support Model

Changes to the FreeBSD Support Model
-----------------------------------------------------------------------

Over the past several months, the teams responsible for supporting the
FreeBSD operating system discussed the current support model, and how
that model can be improved to
provide better support for FreeBSD users and consumers.

The changes below greatly improve FreeBSD support, reduce turnaround
time for Errata Notices and Security Advisories, provide consistency
between binary package sets and the underlying FreeBSD base system
version, and reduce the amount of time before new features are included
in the official FreeBSD binary package sets.

Changes Proposed in a New FreeBSD Support Model
-----------------------------------------------------------------------

The proposed changes include:

- Moving from a point release-based support model to a set of releases
  from a branch with a guaranteed support lifetime.

- Resolving our arbitrary (and unofficial) 5-year branch lifetime
  guarantee. The support policy is that the stable/X branch will be
  supported for 5 years (minimum) from the point X.0-RELEASE is
  released. We now guarantee a 5-year lifetime on the branch,
  regardless of how many releases are built from the branch.

  Additionally, a "last minute" release from the stable/X branch does
  not constitute expanding the support lifetime for the branch as a
  whole for an additional two years.

- The Security Officer or Ports Management Team may extend support for
  any individual numbered release or branch at their discretion, in
  exceptional cases.

- A new stable/ branch release will not occur before two years after
  the X.0-RELEASE from the prior branch. This limits the number of
  simultaneous supported branches, which will greatly reduce the
  overall number of branches that must be maintained and build-tested
  for Security Advisories and Errata Notices, reducing turnaround time.

- Each new release from the stable/X branch deprecates the previous
  release on the branch, providing a three-month window within which
  consumers are urged to upgrade to the latest release. During this
  three-month window, Security Advisories and Errata Notices will still
  be issued for the previous release, as necessary.

How These Changes Benefit FreeBSD Consumers
-----------------------------------------------------------------------

These changes to the FreeBSD support policy will reduce turnaround time
for security advisories and errata notices, provide binary package sets
that are more closely aligned with the latest FreeBSD release from a
given branch, and clearly define the minimum length of time that a
branch will receive support.

When The New FreeBSD Support Policy Will Become Effective
-----------------------------------------------------------------------

These changes are planned to become effective with FreeBSD 11.0-RELEASE,
which is still a number of months away. FreeBSD releases from earlier
branches will continue to be supported in accordance with the policy
that was in effect at the time they were released.

Deficiencies in the Current FreeBSD Support Model
-----------------------------------------------------------------------

- The FreeBSD support model is release-based, versus branch-based.
  Specifically, we determine if a FreeBSD release will be a normal- or
  an extended-support release in the final phases of the release cycle,
  while in reality we have no way to determine how successful the
  release is until weeks or months later.

- We do not clearly define how long the stable/X branch will be
  supported after its creation. Since FreeBSD 5.x, we have historically
  supported a stable/X branch for a minimum of five years after the
  X.0-RELEASE is available. The length of time is not a defined policy,
  which can make it difficult to decide which branch to track.

- The current support model prevents building third-party binary
  packages for the most recent release from a stable/ branch because we
  must provide packages that can be run on the oldest supported release
  from the branch.

- Ports maintainers must support the oldest supported release on the
  branch within the Ports Collection.
  This adds significant complexity to the tree in general, but also
  prevents enabling new features by default. An example is the upgrade
  to WITH_NEW_XORG where these features depend on changes to the base
  system that are only available in X.Z-RELEASE.

- The support model can overlap in non-intuitive ways, making it
  difficult to decide when evaluating FreeBSD features versus support
  timeframe from any given branch.

  When changes to the support model were initially being discussed, the
  FreeBSD supported releases were:

    - 8.4-RELEASE: June 30, 2015
    - 9.1-RELEASE: December 31, 2014
    - 9.2-RELEASE: September 30, 2014

  (Note that in this case support for the newer 9.2 release ends before
  support for FreeBSD 9.1.)

- A new release from a branch automatically extends the support
  lifetime by two years, minimum. If X.Y-RELEASE was initially planned
  to be the final release from the stable/X branch, it is an
  extended-support release by definition. If it is necessary to follow
  X.Y-RELEASE with X.Z-RELEASE for any reason, we would have two
  concurrent extended-support releases from the same branch in
  sequence.

  This has a serious impact on the quality of an update when there are
  multiple supported releases on a branch. The problem becomes worse
  when the oldest supported release on the branch has a longer support
  lifetime than the newest release on the branch.

Key Items Considered in Changes to the FreeBSD Support Model
-----------------------------------------------------------------------

Some of the things that should be included in a new FreeBSD support
model include:

- Guaranteeing, and explicitly stating, the support lifetime of the
  stable/X branch as a whole, versus independently determining the
  support lifetime of the individual releases from the stable/X branch.

- Providing package sets that are compatible with the latest release
  from the branch, ensuring that new features introduced into the
  FreeBSD base system can be enabled by default in binary package
  builds.

- Security Advisories and Errata Notices should be more aligned between
  src/ and ports/. There is an endless list of edge cases with this
  particular point, but consider a situation where a critical security
  vulnerability is discovered, and the underlying code has changed
  between X.Y-RELEASE and X.Z-RELEASE.

  In addition to the possibility of regression in one (or both) of the
  supported releases due to subtle changes in the security fix, it
  introduces potential delay in providing the security fix as the
  number of supported releases increases. Each supported release adds
  to the amount of time it takes for:

    - 1) patching the vulnerability,
    - 2) testing the patch,
    - 3) verifying the patch is correct, and
    - 4) building the freebsd-update(8) binary update bits.

  If a problem is discovered at any time during step (4), the procedure
  resets to step (1). (It should be stressed that this is not due to
  lack of hardware, but the order in which the various steps of issuing
  Security Advisories and Errata Notices must occur.)

- Providing a support model that is more predictable and easier to
  follow.

--
Matthew Seaman
Core Team Secretary
matthew@FreeBSD.org
core-secretary@FreeBSD.org