In message: <20031004014527.GB32411_at_pit.databus.com> Barney Wolff <barney_at_databus.com> writes: : I'm finally motivated to ask, why don't security advisories contain : the equivalent revs for -head? Surely I can't be the only person : following -current who doesn't build every day. : : This notable omission has been true of every security advisory I : can remember, and I've never understood it. If I'm missing some : logic that makes it the right thing to do, can somebody please : enlighten me? It has been the long standing policy of the security officer that current doesn't get security advisories. people running current are assumed to know what they are doing, including being able to dig into the cvs logs to see if they are impacted or not as well as being expected to upgrade early and often to avoid such issues. Maybe these are a bad assumption, since current today (and until we branch) is a pseudo-stable, but that's the historical reason. WarnerReceived on Fri Oct 03 2003 - 21:22:25 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:24 UTC