Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

At 10:13 AM 12/10/2005, Ivan Voras wrote:
>Tobias Roth wrote:
>>On Wed, Oct 12, 2005 at 12:09:53PM +0200, jere wrote:
>
>>And you cannot expect the port maintainers
>>to backport security fixes if the upstream provider chose to release the
>>fix only together with a new version.
>
>Yes you can, ask these guys: http://www.debian.org/. It's just a 
>matter of policy.
>
>I dislike the long cycles between version updates in Debian but must 
>admit that the "stable" distributions indeed justify their name, 
>INCLUDING packages.
>
>My idea is that there could maybe be some "core" ports, about 1500 or so,

This sounds like a recipe for confusion.  Some users have problems 
distinguishing between whats in the base, and whats out of the 
ports.  Another type of "psudo base app" would just add to the 
confusion.  Users / admins need to take *some* responsibility for 
what is installed on their system.  Many ports are not very well 
maintained in the first place and to say that the security team 
should be responsible for another 1500 applications is not realistic.

         ---Mike 

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"