Re: [security-advisories_at_freebsd.org: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:17.procfs]

From: M. Warner Losh <imp_at_bsdimp.com>
Date: Sat, 04 Oct 2003 00:22:24 -0600 (MDT)
In message: <20031004014527.GB32411_at_pit.databus.com>
            Barney Wolff <barney_at_databus.com> writes:
: I'm finally motivated to ask, why don't security advisories contain
: the equivalent revs for -head?  Surely I can't be the only person
: following -current who doesn't build every day.
: 
: This notable omission has been true of every security advisory I
: can remember, and I've never understood it.  If I'm missing some
: logic that makes it the right thing to do, can somebody please
: enlighten me?

It has been the long standing policy of the security officer that
current doesn't get security advisories.  people running current are
assumed to know what they are doing, including being able to dig into
the cvs logs to see if they are impacted or not as well as being
expected to upgrade early and often to avoid such issues.

Maybe these are a bad assumption, since current today (and until we
branch) is a pseudo-stable, but that's the historical reason.

Warner
Received on Fri Oct 03 2003 - 21:22:25 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:24 UTC