Date:      Fri, 3 Oct 2003 22:48:53 -0400
From:      Barney Wolff <barney@databus.com>
To:        current@freebsd.org
Subject:   Re: [security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs]
Message-ID:  <20031004024852.GA49129@pit.databus.com>
In-Reply-To: <20031004021750.GX72999@procyon.firepipe.net>
References:  <20031004014527.GB32411@pit.databus.com> <20031004015404.GW72999@procyon.firepipe.net> <20031004021041.GA33705@pit.databus.com> <20031004021750.GX72999@procyon.firepipe.net>

On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
> 
> ...  The rule is that changes are always committed to
> -CURRENT first, unless they do not apply.  This rule is rarely
> broken in FreeBSD, and certainly never broken for security issues.

That's of course expected and appreciated.  But consider the different
actions required of a reasonably paranoid FreeBSD SA on receipt of
a security advisory:  If following anything but -current, cvsup and
check the versions of the listed files.  If following -current,
either trust that the updates made it to the mirror of choice, or
look up on www.freebsd.org what the latest versions of the listed
files are and check that you have them.  Since the SO is presumably
taking the changes from -current, I hope it would not be too much
of an imposition to list those versions in the advisory as well.

Thanks,
Barney

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.


