by mail.netbsd.org with SMTP; 10 Jul 2000 18:37:24 -0000
	id 95D522A1B; Mon, 10 Jul 2000 14:37:23 -0400 (EDT)
	by orchard.arlington.ma.us (Postfix) with ESMTP
	id 7BBBF1F98; Mon, 10 Jul 2000 14:37:23 -0400 (EDT)
To: tech-security@netbsd.org
Cc: security-officer@netbsd.org
Subject: security advisory policy.
Reply-To: sommerfeld@orchard.arlington.ma.us
Date: Mon, 10 Jul 2000 14:37:18 -0400
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Message-Id: <20000710183723.95D522A1B@orchard.arlington.ma.us>

Preparation and testing of security advisories and patches takes a
considerable amount of time.

Due to limited resources (both hardware and time), it is the current
policy of the security officer to only provide patches for release
branches which are getting active release-engineering support.
Advisories will continue to state that folks running a desupported
vulnerable release should upgrade to the most recent supported
release.

At this point, only 1.4-series release and the forthcoming 1.5-series
releases are considered supported; when releng stops maintaining
netbsd-1-4, security advisories will begin to suggest that users
upgrade to 1.5 or later.

					- Bill