On Thu, Jul 10, 2008 at 12:29:55PM +0200, Oliver Brandmueller wrote: > Hi, > > On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote: > > Speaking as my own: Base system needs more conservative QA process, > > e.g. we want to minimize the change, we need to analyst the impact > > (FWIW the security fix would negatively affect heavy traffic sites) > > and document it (i.e. the security advisory), and we want to make the > > change a one-time one (for instance, shall we patch libc's resolver as > > well?), so rushing into a "presumably patched" state would not be a > > very good solution. > > I understand the reasons and that surely needs to be taken into account. > Does that imply that the FreeBSD project got the information later than > f.e. M$ or Debian, who are usually not really known for coming up too > fast with such fixes?
According to http://www.kb.cert.org/vuls/id/800113, FreeBSD was tested, but it doesn't say if it was informed. Microsoft knew about it earlier than yesterday, because they are a DNS software provider. Edwin -- Edwin Groothuis | Personal website: http://www.mavetju.org [EMAIL PROTECTED] | Weblog: http://www.mavetju.org/weblog/ _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
