From owner-freebsd-stable  Mon Mar 18 16:26:20 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from zoon.lafn.org (zoon.lafn.org [206.117.18.9])
	by hub.freebsd.org (Postfix) with ESMTP id 9FDE637B416
	for <stable@FreeBSD.ORG>; Mon, 18 Mar 2002 16:26:14 -0800 (PST)
Received: from [10.0.1.90] (66-81-17-113-modem.o1.com [66.81.17.113])
	by zoon.lafn.org (8.11.3/8.11.3) with ESMTP id g2J0QDi72492
	for <stable@FreeBSD.ORG>; Mon, 18 Mar 2002 16:26:13 -0800 (PST)
	(envelope-from bc979@lafn.org)
Mime-Version: 1.0
X-Sender: bc979@mail.lafn.org
Message-Id: <f051003a1b8bc340c3d56@[10.0.1.90]>
In-Reply-To: <20020319000703.2B06BBA05@i8k.babbleon.org>
References: <200203180844.g2I8iwb15941@freebsd.dk>
 <20020318165724.GA21743@jochem.dyndns.org>
 <20020319000703.2B06BBA05@i8k.babbleon.org>
Date: Mon, 18 Mar 2002 16:24:23 -0800
To: stable@FreeBSD.ORG
From: Doug Hardie <bc979@lafn.org>
Subject: Security Bulletins and Related Updates
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

I am not sure this is the right place to bring this up, but I didn't 
see one that was more obvious.

I recently received 2 security bulletins dealing with security issues 
in the releases.  These last two did not include updates for 
4.3-RELENG.  The first one was a very simple patch that obviously was 
fine with the 4.3 sources.  That was easily updated.  This last one 
with zlib double-free is not as simple or obvious.

The issue at hand is for those of us who use FreeBSD for production 
environments where down-time results in the loss of customers, having 
to update the OS 2 or 3 times a year is just not viable.  I need to 
be able to keep the OS upgrades to one per year or fewer.  Each of 
those is a severl hour down-time and really annoys my users.  I can 
justify it once a year.  The security patches generally only take a 
minute or so and that is noticed by only a couple users.  I can get 
away with that more often.  However, without the updates to the 
4.3-RELENG I have no way to keep up to date with the security issues. 
Can the security fixes be done a bit farther back?
-- 
-- Doug

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message