From owner-freebsd-security@FreeBSD.ORG Mon Oct 31 16:25:16 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA91316A42A for ; Mon, 31 Oct 2005 16:25:16 +0000 (GMT) (envelope-from suporte@wahtec.com.br) Received: from galois.wahtec.com.br (galois.wahtec.com.br [200.96.65.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id B061A43D49 for ; Mon, 31 Oct 2005 16:25:13 +0000 (GMT) (envelope-from suporte@wahtec.com.br) Received: (qmail 21005 invoked by uid 98); 31 Oct 2005 16:26:35 -0000 Received: from 127.0.0.1 by brasil.intranet (envelope-from , uid 1024) with qmail-scanner-1.24 (f-prot: 4.4.7/3.14.13. spamassassin: 2.63. Clear:RC:1(127.0.0.1):. Processed in 0.106335 secs); 31 Oct 2005 16:26:35 -0000 X-Qmail-Scanner-Mail-From: suporte@wahtec.com.br via brasil.intranet X-Qmail-Scanner: 1.24 (Clear:RC:1(127.0.0.1):. Processed in 0.106335 secs) Received: from unknown (HELO buddyguy) (arisjr@unknown) by unknown with SMTP; 31 Oct 2005 16:26:35 -0000 From: suporte@wahtec.com.br To: freebsd-security@freebsd.org Date: Mon, 31 Oct 2005 16:25:45 +0000 User-Agent: KMail/1.8 References: <20051030120107.CD5CF16A422@hub.freebsd.org> In-Reply-To: <20051030120107.CD5CF16A422@hub.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200510311625.46334.suporte@wahtec.com.br> Subject: More on freebsd-update (WAS: Is the server portion of freebsd-update open source?) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Oct 2005 16:25:17 -0000 > Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote: > > No this isn't insufficient, what is insufficient is that I currently > > can't run a local freebsd-update server. I'm quite limited by bandwidth > > here, you see. What would make more sense in my situation would be to > > have a local mirror of the 'official' freebsd-update server so that > > all of my machines can sync to that rather than all of them downloading > > over the WAN. > > Go ahead. :-):-) > > FreeBSD Update relies entirely upon static files served over HTTP, so if > you point your favourite HTTP mirroring tool at update.daemonology.net > you can create a local mirror. > > Another approach which is likely to be more useful is to set up an HTTP > proxy: Since many files on the FreeBSD Update web server won't be fetched > by most systems (FreeBSD Update attempts to use binary patches, and only > falls back to fetching complete files if the patching fails), using a > caching HTTP proxy will use far less bandwidth than mirroring everything. > > Colin Percival Hi, I have two questions to add to this thread... 1- if and when freebsd-update will be the official freebsd system binary update? Like, when it will be part of freebsd structure, with a dedicated server and stuff? ... It's far better then updating by cvs. 2- for future plans, is there any possibility to customize or add some features to kernels on official freebsd-update server? IPSEC is quite important on security. Since there isn't a LKM to use IPSEC (correct me if I'm wrong), when someone compiles the kernel to add it, he looses the freebsd-update kernel update. Regards, --aristeu PS: is there a way to use IPSEC without compiling the kernel?