Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
misc/50095: Can't find EOL information
0 views
Skip to first unread message
bma...@tenable.com
Jul 28, 2015, 2:18:25 AM7/28/15
to
>Number: 50095
>Category: misc
>Synopsis: Can't find EOL information
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Mon Jul 27 23:15:01 +0000 2015
>Originator: Brian Martin
>Release: 4.0.1
>Organization:
Tenable Network Security
>Environment:
>Description:
Apologies for using this form, but the general feedback CGI was complaining the message was blank, when it was not. Ben Gergely recommended I use this form via Twitter, or the security contacts. Since this isn't a security issue, I am opting for this.
The issue: Tenable is trying to determine the End-Of-Life policy for NetBSD, or a list of dates when versions are/will become EOL. Up to version 4.0 can be found via netbsd-announce, but since then it doesn't appear there have been subsequent ones. Version 4.0.1 was released 2008-10-14 which was some time ago, leading us to believe it may be EOL.
Can you point us to a policy or source of information? Our customers rely on our vulnerability scanner to notify them of EOL operating systems that are not receiving security patches, and we would like to have accurate checks for all versions of NetBSD.
Thank you!
Brian
>How-To-Repeat:
>Fix:
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-...@muc.de
>Category: misc
>Synopsis: Can't find EOL information
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Mon Jul 27 23:15:01 +0000 2015
>Originator: Brian Martin
>Release: 4.0.1
>Organization:
Tenable Network Security
>Environment:
>Description:
Apologies for using this form, but the general feedback CGI was complaining the message was blank, when it was not. Ben Gergely recommended I use this form via Twitter, or the security contacts. Since this isn't a security issue, I am opting for this.
The issue: Tenable is trying to determine the End-Of-Life policy for NetBSD, or a list of dates when versions are/will become EOL. Up to version 4.0 can be found via netbsd-announce, but since then it doesn't appear there have been subsequent ones. Version 4.0.1 was released 2008-10-14 which was some time ago, leading us to believe it may be EOL.
Can you point us to a policy or source of information? Our customers rely on our vulnerability scanner to notify them of EOL operating systems that are not receiving security patches, and we would like to have accurate checks for all versions of NetBSD.
Thank you!
Brian
>How-To-Repeat:
>Fix:
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-...@muc.de
Martin Husemann
Jul 28, 2015, 2:30:15 AM7/28/15
to
The following reply was made to PR misc/50095; it has been noted by GNATS.
From: Martin Husemann <mar...@duskware.de>
To: gnats...@NetBSD.org
Cc:
Subject: Re: misc/50095: Can't find EOL information
Date: Tue, 28 Jul 2015 08:28:18 +0200
You can find some information about actively maintained branches
here:
http://wiki.netbsd.org/releng/
The general release numbering scheme is explained here:
http://www.netbsd.org/releases/release-map.html
and especially:
http://www.netbsd.org/releases/release-map.html#graph1
Short summary: two major release branches are actively supported; shortly
after the (coming soon, hopefully) release of NetBSD 7.0 we will EOL
all netbsd-5 branches.
This is spelled out in all security advisories, for example:
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc
which says:
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
Does this answer your questions? Let me know if you need more/other details.
Martin
From: Martin Husemann <mar...@duskware.de>
To: gnats...@NetBSD.org
Cc:
Subject: Re: misc/50095: Can't find EOL information
Date: Tue, 28 Jul 2015 08:28:18 +0200
You can find some information about actively maintained branches
here:
http://wiki.netbsd.org/releng/
The general release numbering scheme is explained here:
http://www.netbsd.org/releases/release-map.html
and especially:
http://www.netbsd.org/releases/release-map.html#graph1
Short summary: two major release branches are actively supported; shortly
after the (coming soon, hopefully) release of NetBSD 7.0 we will EOL
all netbsd-5 branches.
This is spelled out in all security advisories, for example:
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-003.txt.asc
which says:
Please note that NetBSD releases prior to 5.1 are no longer supported.
It is recommended that all users upgrade to a supported release.
Does this answer your questions? Let me know if you need more/other details.
Martin
John Nemeth
Jul 28, 2015, 2:35:23 AM7/28/15
to
On Jul 27, 11:15pm, bma...@tenable.com wrote:
}
} >Number: 50095
} >Category: misc
} >Synopsis: Can't find EOL information
}
} >Number: 50095
} >Category: misc
} >Synopsis: Can't find EOL information
} >Arrival-Date: Mon Jul 27 23:15:01 +0000 2015
} >Originator: Brian Martin
} >Release: 4.0.1
} >Organization:
} Tenable Network Security
} >Environment:
} >Description:
} Apologies for using this form, but the general feedback CGI was
} complaining the message was blank, when it was not. Ben Gergely
} recommended I use this form via Twitter, or the security contacts.
} Since this isn't a security issue, I am opting for this.
}
} The issue: Tenable is trying to determine the End-Of-Life policy
} for NetBSD, or a list of dates when versions are/will become EOL.
} Up to version 4.0 can be found via netbsd-announce, but since
} then it doesn't appear there have been subsequent ones. Version
} 4.0.1 was released 2008-10-14 which was some time ago, leading
} us to believe it may be EOL.
}
} Can you point us to a policy or source of information? Our
} customers rely on our vulnerability scanner to notify them of
} EOL operating systems that are not receiving security patches,
} and we would like to have accurate checks for all versions of
} NetBSD.
I don't have a link handy for you, but the general rule is
} >Originator: Brian Martin
} >Release: 4.0.1
} >Organization:
} Tenable Network Security
} >Environment:
} >Description:
} Apologies for using this form, but the general feedback CGI was
} complaining the message was blank, when it was not. Ben Gergely
} recommended I use this form via Twitter, or the security contacts.
} Since this isn't a security issue, I am opting for this.
}
} The issue: Tenable is trying to determine the End-Of-Life policy
} for NetBSD, or a list of dates when versions are/will become EOL.
} Up to version 4.0 can be found via netbsd-announce, but since
} then it doesn't appear there have been subsequent ones. Version
} 4.0.1 was released 2008-10-14 which was some time ago, leading
} us to believe it may be EOL.
}
} Can you point us to a policy or source of information? Our
} customers rely on our vulnerability scanner to notify them of
} EOL operating systems that are not receiving security patches,
} and we would like to have accurate checks for all versions of
} NetBSD.
that the current release train and the prior release train are
supported. Since the current release train is 6.x, this means that
4.<anything> is EOL.
}-- End of excerpt from bma...@tenable.com
John Nemeth
Jul 28, 2015, 2:40:12 AM7/28/15
to
The following reply was made to PR misc/50095; it has been noted by GNATS.
From: John Nemeth <jne...@cue.bc.ca>
To: gnats...@NetBSD.org, misc-bu...@netbsd.org, gnats...@netbsd.org,
netbs...@netbsd.org
Cc:
Subject: Re: misc/50095: Can't find EOL information
To: gnats...@NetBSD.org, misc-bu...@netbsd.org, gnats...@netbsd.org,
netbs...@netbsd.org
Cc:
Subject: Re: misc/50095: Can't find EOL information
0 new messages