OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ]
From: Nate Williams (nateyogotech.com)
Date: Tue Oct 03 2000 - 22:49:02 CDT

> The idea of supporting 2.x fixes isn't fundamentally unsound either,
> it's just that no-one cares enough to do the work.

For what it's worth, I've got a couple of backported kernel fixes on my
box (including at least one security fix) that are there because I am
stuck on 2.2 due to hardware issues, as well as the fact that it simply
'works'.

However, I didn't bother making the fix available because I felt it
might give people the wrong impression. Just because *I* am willing to
support a really old release such as FreeBSD 2, I still feel the users
should be 'encouraged' to use newer releases. By not making those fixes
available (which were in fact rather trivial to do), those folks who
aren't capable of fixing the bugs will be more likely to upgrade their
systems to a newer 'more supported' release.

I think supporting older releases *really* needs to be done by a
commercial entity (or at least folks who have a commercial stake in
seeing it done), since the majority of developers are in it for the
development fun, and product support is all but fun. :(

Nate

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message