On Thu, Aug 13, 2015 at 08:40:23PM +0000, Glen Barber wrote:

> [info@ removed, not sure why that email address was included.]

I'm hoping for pressure from above, as this is an important step that's evidently being taken without quarterly branch security being bumped up in priority. It seems to come as a surprise to many folks, and certainly I wasn't aware of it until last week. (Also, board@ is now deprecated.)

I think the change to a default quarterly branch is a fantastic idea, but without additional security updates it's got an ugly element of risk associated with it, too. It will be the default, so as it stands, more folks will be running vulnerable software.

> The reason this change was made is because the quarterly package set
> receives less intrusive updates, but it does still receive security
> updates.

I included the "pkg audit" output explicitly to demonstrate that there are some gaping holes that will be deployed starting next week.

> This is documented in the 10.2-RELEASE release notes, which also shows
> how to change back to the 'latest' branch, if you so desire.

As noted, I'm already on the quarterly branches, because I think it's a great idea generally. Falling back to the high-churn option to get access to security patches when what you want is a stable environment is an awful idea.

I'm hoping that we do this, but do it right. I can't see how anyone could find fault with my expressing this concern, honestly.

-- 
Mason Loring Bliss (( If I have not seen as far as others, it is because
ma...@blisses.org )) giants were standing on my shoulders. - Hal Abelson

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security