On Mon, Mar 18, 2002 at 05:48:23PM -0600, Christopher Schulte wrote:
> At 06:19 PM 3/18/2002 -0500, Steve Shorter wrote:
> > What is lacking inf FreeBSD is a 4.5-RELEASE with
> >security fixes AND bug fixes.
> >
> > -STABLE includes "new material" which can be unstable.
> >And -SECURITY only has "security fixes" but not bug fixes
> >in general, since the last RELEASE.
>
> RELENG_4_X was (still is) open to critical bug fixes, but generally it's
> used for critical *security* related bug fixes. The problem is (at least)
> two folded as I see it:
>
> 2) How to draw a line in the sand and decide what will be committed to
> RELENG_4_X as a fix, and what will require a tracking of -STABLE or the
> next -RELEASE. The last thing I want is a second -STABLE branch with lots
> of code updates, thus decreasing the overall stability.

        I agree mostly with your points, but is it not possible to

        1) Eliminate new code, ie. as in -STABLE development, but
           have bug fixes for only existing code.

        2) Eliminate "bugs in general" as the basis for a
           secure system. Utherwise your "secure" branch remains buggy
           and therefore less secure, since many security failures
           originate in buggy code.

        3) A -SECURITY branch that contains buggy filesystem etc ...
           code is simply less desirable and less usable. For example
           I intended to stay with 4.3-SECURITY at one time but
           am continually forced to upgrade becuase of unfixed bugs
           in -SECURITY, though I don't want to.

        -steve

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]