Date:      Wed, 14 Mar 2001 18:56:19 +0000
From:      Paul Richards <paul@freebsd-services.co.uk>
To:        Doug Barton <DougB@gorean.org>
Cc:        Kris Kennaway <kris@obsecurity.org>, Gregory Sutter <gsutter@zer0.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: proposals for fixing the PROBLEM at hand
Message-ID:  <3AAFBED3.19D77C05@freebsd-services.co.uk>
References:  <20010312160321.B95497@mollari.cthul.hu> <200103130307.TAA41551@gndrsh.dnsmgr.net> <20010312193452.A2927@mollari.cthul.hu> <3AAE5A9A.341F634F@originative.co.uk> <20010314005648.I9369@klapaucius.zer0.org> <20010314011016.A28290@mollari.cthul.hu> <3AAF86A6.65492AEC@freebsd-services.co.uk> <3AAFB42F.95513604@gorean.org>

Doug Barton wrote:
> 
> Paul Richards wrote:
> >
> > Kris Kennaway wrote:
> > >
> > > On Wed, Mar 14, 2001 at 12:56:48AM -0800, Gregory Sutter wrote:
> > >
> > > > 2. Update the -RELEASE branch for security fixes and critical bugfixes
> > >
> > > This one isn't a proposal, it's something we've been planning to do
> > > for quite a while (and it's been mentioned several times on lists).
> >
> > Well I was under the impression that you were going to be quite pedantic
> > about it being security fixes only. If it's critical bugfixes as well
> > then that's exactly what I've been calling for.
> 
>         The problem is that one person's "critical" bug fix is another person's
> needless bloat/complication of the security bugfix process. I personally
> feel strongly that the proposed branch updates should be security only. If
> you feel that a bugfix in -stable is appropriate to your site, the onus is
> on you to upgrade to -stable.

Which is why I've always advocated that there be a team of people that
manages the -RELEASE branch and that it not be a free for all to
committers. I'm happy that this be made up largely of the security team,
they have the right sense of conservatism for this job but it does make
sense for their remit to extend to system stability as well as security
since the two are closely related anyway and it would be unhelpful to
not apply bugfixes that would fix probable data corruption or loss of
service because they fall outside of a too narrow definition of
security.

Perhaps what I consider to be a critical bug fix would always have
fallen into their definition of security anyway since I'm really only
talking about things that could cause data corruption or loss of
service, anything else can be lived with in a production environment
otherwise as you say an actual upgrade would be planned.

Paul.
