CLARITY re: challenge: end of life for 6.2 is premature with buggy 6.3
Paul Schmehl
pschmehl_lists at tx.rr.com
Wed Jun 11 18:22:36 UTC 2008
--On Wednesday, June 11, 2008 16:54:02 +0100 Robert Watson
<rwatson at FreeBSD.org> wrote:
>
> On Wed, 11 Jun 2008, Andy Kosela wrote:
>
>> Redhat/CentOS is more reliable here as backports involves both security and
>> bug fixes, plus even new hardware enhancements.
>
> In the FreeBSD environment, we call the place that gets a blend of security
> and bug fixes, plus new minor feature and driver enhancements "-STABLE", and
> the releases that pick up these changes "point releases". They happen more
> frequently and with less risk than major releases, but still see enough
> development to represent functional improvements.
>
> I guess here's my concern: we offer a spectrum of choice for "I want the most
> bleeding edge" to "I want no feature changes, just security fixes", and
> several points in between. We can argue about the exact placement of these
> points, but the reality is that the balance we have today seems to work well
> for many developers and users, and reflects a fairly carefully planned use of
> the available revision control and distribution technology.
>
> The place for volunteers to come in is where they see an obvious niche for
> improvement -- for example, a few years ago this guy named Colin Percival
> turned up with a binary update system. After a couple of years of
> enhancement, breaking it in, etc, it's now a standard tool for maintaining
> FreeBSD systems, and he's our security officer. Similar opportunities exist
> for offering easier updates to packages, etc, but require people who have a
> clear need and the technical ability to do the work to turn up and do it.
>
From a security standpoint, backporting fixes to previous versions of ports
creates a difficulty. It's much harder to tell, for example, if a RedHat
"port" is vulnerable or not, because RedHat uses their own proprietary
versioning system to define "where" a particular "port" is at.
So, while your system might *say* it's running php version 5.2, it's really
*not* vulnerable because in RedHatese it's version 5.2.1.6.92000.p-2.1 (I'm
just making that up.)
If this idea ever gets off the ground, I *hope* the folks involved will find a
rational, logical way to define the versioning so that it's not hieroglyphics
to the average person.
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
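The problem Paul describes above, shown in code: a check that only looks at the upstream version flags a package as vulnerable even though the vendor backported the fix into a later release of the same version. This is an added example, not code from the thread or from any vendor; the package string, the upstream fix version and the vendor advisory table are all constructed for illustration.

```python
import re

# Constructed example data: a hypothetical PHP package as a vendor might ship
# it, with the fix backported into release 6.90000 while the upstream version
# stays at 5.2.1. Neither the strings nor the releases are real RedHat data.
INSTALLED = "php-5.2.1-6.92000"
UPSTREAM_FIXED_VERSION = "5.2.6"                 # hypothetical upstream fix
FIXED_BY_VENDOR = {"php": ("5.2.1", "6.90000")}  # hypothetical vendor advisory

def parse_nvr(nvr):
    """Split 'name-version-release' (RPM layout) into its three parts."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def _segments(s):
    # Split into numeric and alphabetic runs; digit runs compare as integers.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def compare_versions(a, b):
    """Simplified rpmvercmp ordering: -1 if a < b, 0 if equal, 1 if a > b.
    Numeric segments sort after alphabetic ones; the longer string wins a tie.
    Tilde/caret handling of real rpmvercmp is deliberately left out."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):
            return 1
        if isinstance(y, int):
            return -1
        return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def naive_is_vulnerable(nvr, upstream_fixed):
    """Upstream-only view: flags anything whose version is below the upstream
    fix, which is exactly what misfires on a package with a backported fix."""
    _, version, _ = parse_nvr(nvr)
    return compare_versions(version, upstream_fixed) < 0

def vendor_is_vulnerable(nvr, fixed_by_vendor):
    """Vendor-advisory view: compare version, then release, against the
    vendor build that first carried the fix."""
    name, version, release = parse_nvr(nvr)
    fixed_version, fixed_release = fixed_by_vendor[name]
    c = compare_versions(version, fixed_version)
    if c != 0:
        return c < 0
    return compare_versions(release, fixed_release) < 0

if __name__ == "__main__":
    print("naive:", naive_is_vulnerable(INSTALLED, UPSTREAM_FIXED_VERSION))  # True
    print("vendor:", vendor_is_vulnerable(INSTALLED, FIXED_BY_VENDOR))      # False
```

The two answers disagree for the same installed package: the vendor's release string, not the upstream version, is what decides whether the fix is present.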