Copyright 2024 - CSIM - Asian Institute of Technology


-----BEGIN PGP SIGNED MESSAGE-----

The FreeBSD Security Officer would like to announce a change in policy
regarding security support for the FreeBSD 3.x branch.

Due to the frequent difficulties encountered in fixing the old code
contained in FreeBSD 3.x, we will no longer be requiring security
problems to be fixed in that branch prior to the release of an
advisory that also pertains to FreeBSD 4.x.  In recent months this
requirement has led to delays in the release of advisories, which
negatively impacts users of the current FreeBSD release branch
(FreeBSD 4.x).

Security fixes which are committed to FreeBSD 3.5.1-STABLE prior to
the advisory release will be included in the advisory, but the
advisory release will not be delayed awaiting a fix in the 3.x branch
when a fix is already in place in FreeBSD 4.x.  Serious
vulnerabilities will result in a reissue of the advisory once the
problem is corrected in 3.5.1-STABLE.  For less serious
vulnerabilities a notification will be sent to the
[address obscured] mailing list only, to reduce overall
subscriber traffic on the freebsd-security-notifications and
freebsd-announce mailing lists.

We will continue endeavouring to ensure that applicable security fixes
are merged back to the 3.x branch by FreeBSD developers, and to work
with them to develop or merge the appropriate fix prior to the
advisory release; however, as the 3.x branch is approaching end of life
we anticipate that there may be an increasing time lag between the
time of fix of a vulnerability in 4.x and when it is backported to
3.x.  Given this reality, users are encouraged to consider plans to
migrate security-critical systems to the 4.x branch over the coming
months.

FreeBSD committers who are interested in providing security support
for older branches of FreeBSD should contact the Security Officer and
they will be kept informed of fixes which require merging to the older
branches.

Comments on this policy are welcomed - please reply to
[address obscured].

Regards,

Kris Kennaway
FreeBSD Security Officer


