Date: 23 Oct 2001 22:17:28 -0700
From: Ken McGlothlen <mcglk@artlogix.com>
To: "Julian Morgan" <jmorganmcse@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: REQUEST FOR COMMENT
Message-ID: <878ze1zkev.fsf@ralf.artlogix.com>
In-Reply-To: <F69p8eurQQtHT1DdQcp000011ad@hotmail.com>
References: <F69p8eurQQtHT1DdQcp000011ad@hotmail.com>

"Julian Morgan" <jmorganmcse@hotmail.com> writes:

| As a result they believe that it is better to get some certified hardware
| firewall that provider upgrades patches, instead of having a Unix product
| which is open source and requires patches all the time, updates on top of the
| usual monitoring, and dedicate a person to basically be on top of all seven
| sites all the time....

That's . . . silly.

I've set up one FreeBSD box at my site to update itself on a periodic basis. It updates the source code and the ports tree. Cost: Nothing. Hassle: A little setup, nothing since. The same process sends me an email notification on what's changed, and I can choose to update or not as *I* see fit, not as someone else sees fit.

Telnetd vulnerability? Doesn't affect me---I don't run telnet, so I didn't install it. But if it's a vulnerability in something I need, I reinstall it.

I don't have to wait for some hardware manufacturer to first *admit* that they have a security bug, and then get around to installing the patch whenever they feel like it. I don't have to be subject to their often-lax security standards (it's amazing how many of these guys don't even change the passwords on their equipment), nor do I have to respond to their timetable. More importantly, I understand exactly what's being patched, and am fairly confident that each of these security patches has been reviewed by peers.

All you need is one box to be updated all the time. The rest of the boxes, if they're set up intelligently, can get their updates from the master box.

Julian, they're arguing from a standpoint where they don't have a leg to stand on. The arguments are full of fallacies. But you might not be able to win this one, because . . . their arguments are full of fallacies. If they can cling to such a nonsensical viewpoint, they're unlikely to listen to logic. Certification may matter more to these people than security or convenience or cost-savings.