[security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD
Security Advisory FreeBSD-SA-03:17.procfs]
Barney Wolff
barney at databus.com
Fri Oct 3 19:48:55 PDT 2003
On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
>
> ... The rule is that changes are always committed to
> -CURRENT first, unless they do not apply. This rule is rarely
> broken in FreeBSD, and certainly never broken for security issues.
That's of course expected and appreciated. But consider the different
actions required of a reasonably paranoid FreeBSD SA on receipt of
a security advisory: If following anything but -current, cvsup and
check the versions of the listed files. If following -current,
either trust that the updates made it to the mirror of choice, or
look up on www.freebsd.org what the latest versions of the listed
files are and check that you have them. Since the SO is presumably
taking the changes from -current, I hope it would not be too much
of an imposition to list those versions in the advisory as well.
Thanks,
Barney
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-current
mailing list