Linus Nordberg wrote:
Hi,
How are security issues in "upstream" software like the FreeBSD kernel
handled by the pfSense project?
As Bill said, we release point updates for any issues that affect the
system. Since this is a local-only issue, and if you have local access
on pfSense it's game over (any local access requires root-level access),
we wouldn't release a point update for this issue.
1.0.1 will not have any security updates released for the same reason it
hasn't had any bug fix releases, we made the mistake of not branching
1.0 in CVS. 1.2, once final, will get bug fixes and security update
point releases if necessary, during its life cycle. If 1.0.1 had a major
issue we could put out a fix that could be manually applied, but there
haven't been any, and there won't be any upgrade files put out.
You certainly won't want to build your own updates, besides the fact
that it's an arduous process to put it mildly, we'll promptly release
any necessary updates. We're all subscribed to the FreeBSD security
announcement lists, as well as security update notifications for other
included packages, and will fix issues as needed.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
