The whole "Stable Branch" thread on -security gave me an idea that's been
percolating for some time.

Problem: 
We have security problems in (say) -STABLE.  They get fixed.  We post an
advisory about it, giving correction dates for -STABLE and -CURRENT, and
the associated cutoff in which releases are fixed and which are not.
However, tracking dates on buildworlds etc is hard.  I'm sure I'm not
the only one who usually does build/installworlds on source at least a
week old.  I check it out, build it, and if it's clean, wait to see if
anyone else has any problems with it.  And since I tend to put off building
the kernel until I install, the date uname gives isn't necessarily useful
for checking this sort of stuff.

Idea:
In the version string (or maybe somewhere else convenient), start adding
codes at each -RELEASE along a branch.  So, say we find a bug in fingerd.
It's in 4.1-RELEASE, fixed in 4.1-STABLE at some point, and fixed in
4.2-RELEASE.  We could add an 'a' to the version string in -STABLE, so it
will read out as "4.1-STABLE a".  Find another bug and fix it, we have
"4.1-STABLE b".  Presumably, this would only apply to such things as
security holes, and potentially showstopper bugfixes.  If we really
needed more than 26, we could go to capital letters, or doubled in
parenthesis ...xyz(aa)(ab).  I somehow doubt that'd be a big problem.

Then, the version string could indicate what holes have been caulked up
in the system they're running.  They could be reset at each -RELEASE, so
the advisory can say:
4.1 and below is VULNERABLE
4-STABLE with code 'a' is NOT VULNERABLE
4.2 and above are NOT VULNERABLE


I can see a few flaws in this idea, but I figured I'd toss it out and let
the wolves tear it to shreds  ;)



-- 
Matthew Fuller     (MF4839)     |    [EMAIL PROTECTED]
Unix Systems Administrator      |    [EMAIL PROTECTED]
Specializing in FreeBSD         |    http://www.over-yonder.net/

"The only reason I'm burning my candle at both ends, is because I
      haven't figured out how to light the middle yet"
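As an added illustration of the scheme proposed above (not code from the post or from FreeBSD), here is a small parser for the suggested "4.1-STABLE a" version strings plus the advisory check it would enable. It assumes the fix code follows the branch after one space, that codes run a..z and then doubled letters in parentheses as (aa), (ab), ..., and it models only the three advisory lines given in the post (-CURRENT is judged by release number alone).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed layout of the proposed version string: "<major>.<minor>-<branch>[ <code>]"
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)-(?P<branch>RELEASE|STABLE|CURRENT)"
    r"(?:\s+(?P<code>[a-z]|\([a-z]{2}\)))?$"
)


def code_index(code: Optional[str]) -> int:
    """Ordinal of a fix code: none=0, a..z=1..26, (aa)..(zz)=27..702."""
    if code is None:
        return 0
    if len(code) == 1:
        return ord(code) - ord("a") + 1
    first, second = code.strip("()")
    return 26 + (ord(first) - ord("a")) * 26 + (ord(second) - ord("a")) + 1


@dataclass(frozen=True)
class Version:
    major: int
    minor: int
    branch: str
    fix_level: int  # highest security fix code present, as an ordinal


@dataclass(frozen=True)
class Advisory:
    stable_release: tuple  # the -STABLE branch that carries the fix code
    stable_code: str       # code that marks the fix on that branch
    fixed_release: tuple   # first -RELEASE that ships fixed


def parse_version(s: str) -> Version:
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return Version(int(m["major"]), int(m["minor"]), m["branch"], code_index(m["code"]))


def is_vulnerable(v: Version, adv: Advisory) -> bool:
    """Apply the three advisory lines from the post to a parsed version."""
    rel = (v.major, v.minor)
    if rel >= adv.fixed_release:          # "4.2 and above are NOT VULNERABLE"
        return False
    if rel == adv.stable_release and v.branch == "STABLE":
        return v.fix_level < code_index(adv.stable_code)  # "-STABLE with code 'a'"
    return True                           # "4.1 and below is VULNERABLE"


# Constructed from the fingerd example in the post: fixed as code 'a' on 4.1-STABLE, shipped in 4.2.
FINGERD_ADVISORY = Advisory(stable_release=(4, 1), stable_code="a", fixed_release=(4, 2))
```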

