Archive of FreeBSD Security general posting, New security policy for FreeBSD 3.x

20/11/00, New security policy for FreeBSD 3.x
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Subject: New security policy for FreeBSD 3.x
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Date: Sun, 19 Nov 2000 19:51:46 -0800 (PST)
Delivered-To: freebsd-security-notifications@freebsd.org
Mail-from: From owner-freebsd-security-notifications@FreeBSD.ORG Mon Nov 20 10:52:13 2000
Reply-To: postmaster@FreeBSD.ORG
Sender: owner-freebsd-security-notifications@FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

The FreeBSD Security Officer would like to announce a change in policy
regarding security support for the FreeBSD 3.x branch.

Due to the frequent difficulties encountered in fixing the old code
contained in FreeBSD 3.x, we will no longer be requiring security
problems to be fixed in that branch prior to the release of an
advisory that also pertains to FreeBSD 4.x.  In recent months this
requirement has led to delays in the release of advisories, which
negatively impacts users of the current FreeBSD release branch
(FreeBSD 4.x).

Security fixes which are committed to FreeBSD 3.5.1-STABLE prior to
the advisory release will be included in the advisory, but the
advisory release will not be delayed awaiting a fix in the 3.x branch
when a fix is already in place in FreeBSD 4.x.  Serious
vulnerabilities will result in a reissue of the advisory once the
problem is corrected in 3.5.1-STABLE.  For less serious
vulnerabilities a notification will be sent to the
freebsd-security@FreeBSD.org mailing list only, to reduce overall
subscriber traffic on the freebsd-security-notifications and
freebsd-announce mailing lists.

We will continue endeavouring to ensure that applicable security fixes
are merged back to the 3.x branch by FreeBSD developers, and to work
with them to develop or merge the appropriate fix prior to the
advisory release, however as the 3.x branch is approaching end of life
we anticipate that there may be an increasing time lag between the
time of fix of a vulnerability in 4.x and when it is backported to
3.x.  Given this reality, users are encouraged to consider plans to
migrate security-critical systems to the 4.x branch over the coming
months.

FreeBSD committers who are interested in providing security support
for older branches of FreeBSD should contact the Security Officer and
they will be kept informed of fixes which require merging to the older
branches.

Comments on this policy are welcomed - please reply to
security-officer@FreeBSD.org.

Regards,

Kris Kennaway
FreeBSD Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOhifmlUuHi5z0oilAQHnBQP9ETb9xz1UGvU3JxbuvnKXlw6yFFQN15tN
7uwWdmA07FdoiLslK2O9zuR43pHv0HIprbdZVkXBSe4nOfBBaEgarcD/1kW+NVCr
AjOuQQGUl/OjsdyzY524gWylSOg1aI7Lkf+RsUQWOS7Epe1kNCTJzC72SMtk70DH
LMnQGgcDMpo=
=I6rL
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message


Previous message sorted by date: FreeBSD Security Advisory: FreeBSD-SA-00:70.ppp-nat
Next message sorted by date: FreeBSD Ports Security Advisory: FreeBSD-SA-00:71.mgetty
Previous message sorted by thread: FreeBSD Security Advisory: FreeBSD-SA-00:70.ppp-nat
Next message by thread: FreeBSD Ports Security Advisory: FreeBSD-SA-00:71.mgetty
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Nov 2000