Re: [security-advisories_at_freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs]

From: Steve Kargl <sgk_at_troutmask.apl.washington.edu>
Date: Fri, 3 Oct 2003 20:18:06 -0700
On Fri, Oct 03, 2003 at 10:48:53PM -0400, Barney Wolff wrote:
> On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
> > 
> > ...  The rule is that changes are always committed to
> > -CURRENT first, unless they do not apply.  This rule is rarely
> > broken in FreeBSD, and certainly never broken for security issues.
> 
> That's of course expected and appreciated.  But consider the different
> actions required of a reasonably paranoid FreeBSD SA on receipt of
> a security advisory:  If following anything but -current, cvsup and
> check the versions of the listed files.  If following -current,
> either trust that the updates made it to the mirror of choice, or
> look up on www.freebsd.org what the latest versions of the listed
> files are and check that you have them.  Since the SO is presumably
> taking the changes from -current, I hope it would not be too much
> of an imposition to list those versions in the advisory as well.
> 

If you're running -current, then you are reading the cvs-all
or at least the cvs-src mailing list.  It should be apparent
that the fixes hit -current before the SA is announced.

-- 
Steve
Received on Fri Oct 03 2003 - 18:18:13 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:24 UTC