Date: Wed, 31 Dec 2014 11:54:18 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

Dag-Erling Smørgrav wrote:
> Roger Marquis writes:
>> ... or those with constrained resources are never going to be able
>> to make/build/installworld for something as simple as a single binary
>> update.
>
> These sites would be better served using freebsd-update to download and
> apply binary patches.

Was afraid you might say that, not because it's unreasonable or inevitable
but because it illustrates the increasing tendency to refer bug (and
other) reports to use binary updates.

Problem with freebsd-update is that it has some of the same scope issues
as installworld. We've also had problems defining "-r" (in a jail) when
the booted kernel is not the revision we want to build to. Doesn't help
that "-r" doesn't parse patch levels.

freebsd-update also calls phttpget which has no man page. This is one
Linux-ism (missing man pages) that FreeBSD is usually good at avoiding.

> I would suggest discussing this with the FreeBSD Foundation. They have
> already taken an interest in the matter.

Thanks Dag,
Roger