From owner-freebsd-security@FreeBSD.ORG Wed Aug 22 10:44:28 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CBD78106564A for ; Wed, 22 Aug 2012 10:44:28 +0000 (UTC) (envelope-from ady@ady.ro) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 836BE8FC0C for ; Wed, 22 Aug 2012 10:44:28 +0000 (UTC) Received: by yenl7 with SMTP id l7so622934yen.13 for ; Wed, 22 Aug 2012 03:44:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=+RIlSl8YJoYdSdb5ZvMwvBgt2dRXht/3YWYcm3C61hc=; b=ZB2UCZG0ChVVy6ZyfTphVDm/0hJb8YFjR57Etf5JmHMU9Gzlu/HjD7eZcsS/NLD7cg vRksQnWhmNpWLKwIrU6HlD4tr18fgP4km6wJmtx7f7PVDqpMxalzVz0n1XRHwnoexfe8 7jbHaExuymM1Zs/JM2V8wwRm7wTIxc83XpYPlSBEvaNajsIXo40DUvzlLwrpPrt4Mzh/ F+Ec8d4w22Sm8UZx3Y0BYWKJkR2z3/Nw1+TX3yfFhBkO6AghaE04oVrPFw760HDSmcyy EcvIEaRdZXwlkfxlNSYhIUO/EOGhGAzLdG5yZpb2lBjoejRe9enK3FZgYHYazuTSx+04 jTEw== Received: by 10.50.173.2 with SMTP id bg2mr1666286igc.1.1345632267226; Wed, 22 Aug 2012 03:44:27 -0700 (PDT) MIME-Version: 1.0 Sender: ady@ady.ro Received: by 10.64.44.36 with HTTP; Wed, 22 Aug 2012 03:44:07 -0700 (PDT) In-Reply-To: <20120821155622.A9FB5106566C@hub.freebsd.org> References: <20120821120031.9B0771065674@hub.freebsd.org> <20120821155622.A9FB5106566C@hub.freebsd.org> From: Adrian Penisoara Date: Wed, 22 Aug 2012 13:44:07 +0300 X-Google-Sender-Auth: vhLLiz8fH9G4LJch4OnCF9IdZQc Message-ID: To: Roger Marquis Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQlnNfPdFVvoYRVrDXSLpmPm7/PXQZmqYa4hrTydbsPkit4bARhESeH1nhooImkt1jJtyWDD X-Mailman-Approved-At: Wed, 22 Aug 2012 11:12:56 +0000 Cc: freebsd-security@freebsd.org Subject: Re: getting the running patch level X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2012 10:44:28 -0000 Hello, On Tue, Aug 21, 2012 at 6:49 PM, Roger Marquis wrote: > Jilles Tjoelker wrote: [...] > > WRT writing a new file, something like /etc/bsd-release would be a good > choice following the principle of least surprise. Mergemaster can and > should ignore it (and motd, issue, ...). > I support the idea of using an /etc/*-release file to tag (and this makes me think about /var/db/freebsd-update/tag) the current release version details of the system (not only the kernel, but the whole installed system). This seems to be a popular choice among Linux distributions and thus ISV's should feel comfortable with the approach. Mergemaster and/or other updating mechanisms should update the file to reflect the reality after upgrades/updates. Now the format of the file would be also debatable: other vendors releasing derivative works from the main FreeBSD source tree (like FreeNAS, PC-BSD, etc.) will want to leave some marks as well. Should we retain only the vendor's release tag or should we have a multiple entries (for the original FreeBSD version and the vendor) ? Should we even think about multiple ${vendor}-release files or just bsd-release ? Thanks for your time, Adrian Penisoara EntepriseBSD