[security-advisories@freebsd.org: [FreeBSD-Announce] FreeBSD
Security Advisory FreeBSD-SA-03:17.procfs]
Steve Kargl
sgk at troutmask.apl.washington.edu
Fri Oct 3 20:18:14 PDT 2003
On Fri, Oct 03, 2003 at 10:48:53PM -0400, Barney Wolff wrote:
> On Fri, Oct 03, 2003 at 07:17:50PM -0700, Will Andrews wrote:
> >
> > ... The rule is that changes are always committed to
> > -CURRENT first, unless they do not apply. This rule is rarely
> > broken in FreeBSD, and certainly never broken for security issues.
>
> That's of course expected and appreciated. But consider the different
> actions required of a reasonably paranoid FreeBSD SA on receipt of
> a security advisory: If following anything but -current, cvsup and
> check the versions of the listed files. If following -current,
> either trust that the updates made it to the mirror of choice, or
> look up on www.freebsd.org what the latest versions of the listed
> files are and check that you have them. Since the SO is presumably
> taking the changes from -current, I hope it would not be too much
> of an imposition to list those versions in the advisory as well.
>
If you're running -current, then you are reading the cvs-all
or at least the cvs-src mailing list. It should be apparent
that the fixes hit -current before the SA is announced.
--
Steve
More information about the freebsd-current
mailing list