[ On Friday, December 13, 2002 at 19:44:49 (-0800), Jeremy C. Reed wrote: ]
> Subject: Re: Dynamically Linked NetBSD-Current
>
> On Fri, 13 Dec 2002, Dan Melomedman wrote:
> 
> > > Another thing that I remember about that OpenBSD security advisory
> > > (and this was a while ago now) was that, at least initially, they told
> > > you to recompile the effected statically linked binaries but they
> > > didn't mention which ones were actually effected. This was why I
> > > immediately perked up when I heard about this.
> >
> > Probably because they were too lazy to find what was affected in the
> > distribution.
> 
> NetBSD has done same thing.
> 
> Maybe it's to encourage updates for other static software that may have
> been forgotton for previous issues.

That kind of encouragement would be much better achieved by making more
frequent and timely releases.

(having a better installer and upgrade assisting tools helps too!!!  ;-)


> Also, might as well keep everything using same libraries especially when
> troubleshooting possible future issues.

Again, that's solved much more effectively by creating more frequent and
timely full releases that are more easily used to upgrade existing
systems.

Note too that I think volunteer groups like the NetBSD core developers
have enough on their plate just maintaining the current release.  It
might help all-around to have them deprecate their own direct support of
older release branches more quickly (i.e. immediately upon the creation
of a new release).  People who really need ongoing support of older
releases can (and should) pay third party developers for this effort.

Even commercial GNU/Linux developers like Red Hat don't _really_ support
their older releases on branches!

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>