FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
Ivan Voras
ivoras at fer.hr
Wed Oct 12 07:14:48 PDT 2005
Tobias Roth wrote:
> On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
> And you cannot expect the port maintainers
> to backport security fixes if the upstream provider chose to release the
> fix only together with a new version.
Yes you can, ask these guys: http://www.debian.org/. It's just a matter
of policy.
I dislike the long cycles between version updates in Debian but must
admit that the "stable" distributions indeed justify their name,
INCLUDING packages.
My idea is that there could maybe be some "core" ports, about 1500 or
so, that would get the special treatment of beeing updated in such a
"stable" fashion on a branch in ports tree tagged (for example)
RELENG_6_0. These ports would be publically announced as being
"anchored" to a release and updated (including backporting security
fixes) for as long as the release is maintained by the FreeBSD's
security team.
More information about the freebsd-security
mailing list