Date:      Thu, 23 Nov 2000 08:04:44 -0800 (PST)
From:      opentrax@email.com
To:        security-office@freebsd.org
Cc:        freebsd-doc@freebsd.org
Subject:   proposal for new doc (was: Fwd: Re: New security policy for FreeBSD 3.x)
Message-ID:  <200011231604.IAA02270@spammie.svbug.com>

Dear Sir,
    In a previous message regarding the "New Security Policy for FreeBSD
3.x", confusion on my part led to a discussion whereby Warner Losh
explained in some detail the exact nature of the new policy.
Warner's explanation helped relieve concerns we might have with
regard to this as we have many units in the field running 3.x.

    Being that as it was, I do hereby volunteer to write a document
outlining this issue and draw charts as they relate -- for your review.
Such documents are subject to the approval of the current
'doc' team and this statement in no way constitutes their approval
or consent. I expect, given the appropriate approval by the doc team,
this document would be freely available under the freebsd.org website.

    Also, said document is not intended for the handbook, as its
very volatile nature requires maintenance and vigilance, which
cannot be obtained because of the distributed nature of the handbook.

    However, that said, the final decision still lies with 'doc'
and I am here mostly as a tool at your disposal in this issue.

					best regards,
					Jessem.

Please note I've appended Warner's notes to me.

---------------------------------------------------------

------ Forwarded message ------
    From: Warner Losh <imp@village.org>
 Subject: Re: New security policy for FreeBSD 3.x 
    Date: Tue, 21 Nov 2000 23:24:29 -0700
      To: opentrax@email.com
      Cc: security-officer@FreeBSD.ORG, arch@FreeBSD.ORG

In message <200011211843.KAA00298@spammie.svbug.com> opentrax@email.com writes:
: Please note I've cc'd to arch. Could you make  your
: comments there?
: 
: On 19 Nov, FreeBSD Security Advisories wrote:
: > -----BEGIN PGP SIGNED MESSAGE-----
: > 
: > The FreeBSD Security Officer would like to announce a change in policy
: > regarding security support for the FreeBSD 3.x branch.
: > 
: > Due to the frequent difficulties encountered in fixing the old code
: > contained in FreeBSD 3.x, we will no longer be requiring security
: > problems to be fixed in that branch prior to the release of an
: > advisory that also pertains to FreeBSD 4.x.  In recent months this
: > requirement has led to delays in the release of advisories, which
: > negatively impacts users of the current FreeBSD release branch
: > (FreeBSD 4.x).
: > 
: Could you clarify exactly what you are saying? It's not clear.
: Perhaps a chart might help.

[[ included original text to give context ]]

Generally speaking, fixes go into -current first, then are MFC to
4.x-stable and then MFC to 3.x-stable.  Sometimes the MFC is easy
(when the code is substantially identical) and sometimes it isn't.  In
the cases it isn't, we won't hold up the advisory for a 3.x fix.  We
will inform select interested and sufficiently clueful parties of
pending advisories for which no 3.x solution is available.  If they
can get us a fix for 3.x before we release our advisory (usually a few
days to a week depending on its severity and other factors), we will
include it in the advisory.  If not, then the advisory goes out anyway
without a 3.x fix, with the usual room for negotiation for reasonable
extensions.

In other words, fixes for 3.x will no longer gate security
advisories, but will be included if available.

Warner



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message





