On 3/11/2016 9:36 PM, Matthew Seaman wrote:
> On 2016/11/03 09:41, Kimmo Paasiala wrote:
>> Both 10.1 and 10.2 are going to be unsupported by the end of this
>> year, that's probably the reason the fix was not included in them.
>>
>> https://www.freebsd.org/security/#sup
>>
>
> Yes, but 10.1 and 10.2 are still supported for the next two months.
> That means they should get security patches where warranted until
> Dec 31st. There's no point in stating an EoL date if the end of the
> support lifetime is effectively a few months before that...
>
> If an advisory hasn't been issued for 10.1 and 10.2 that's because
> the Security Team currently don't think the problem applies to those
> versions. It's possible SecTeam are mistaken and will need to
> update the advisory, but SecTeam are usually pretty accurate about
> these things.
>
> Cheers,
>
> Matthew
>
>
But everyone should always feel comfortable asking questions,
particularly in matters of security and especially if things are left
unsaid, unstated, implicit, or remain ambiguous.
Security advisories should state explicitly when otherwise supported
versions are not vulnerable. It's surprising this isn't already the
case.
How might this be improved for the future?
./koobs