From owner-freebsd-security@FreeBSD.ORG Mon Apr 10 22:25:08 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A16EE16A401 for ; Mon, 10 Apr 2006 22:25:08 +0000 (UTC) (envelope-from ricardo_bsd@yahoo.com.br) Received: from smtp101.mail.mud.yahoo.com (smtp101.mail.mud.yahoo.com [209.191.85.211]) by mx1.FreeBSD.org (Postfix) with SMTP id 110FE43D46 for ; Mon, 10 Apr 2006 22:25:07 +0000 (GMT) (envelope-from ricardo_bsd@yahoo.com.br) Received: (qmail 13607 invoked from network); 10 Apr 2006 22:03:03 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.br; h=Received:To:Subject:From:Organization:Content-Type:MIME-Version:Content-Transfer-Encoding:Date:Message-ID:User-Agent; b=OVu1nwKy/5rd31zNL3EW4KXZnVMXx84pBjcPrAxTXkvcAmjWPPlr+oTkqeIh07NWcbRH7zukiIwA2tvQjWCJbH74jsWzJmpvvAxrAp1XuBaMh34AJBW8DABbEQ/kMQSBlGYPuq0JLF7sWn27fIVBp4Wf7LQ1cTRpXLzX7lUoD8c= ; Received: from unknown (HELO localhost) (ricardo?bsd@201.1.76.169 with login) by smtp101.mail.mud.yahoo.com with SMTP; 10 Apr 2006 22:03:02 -0000 To: freebsd-security@freebsd.org From: "Ricardo A. Reis" Organization: UNIFESP Content-Type: text/plain; format=flowed; delsp=yes; charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Date: Mon, 10 Apr 2006 16:03:00 -0300 Message-ID: User-Agent: Opera Mail/9.00 (FreeBSD) Subject: [RFC] Ideas and Questions in security updates ( portaudit, freebsd-update) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Apr 2006 22:25:08 -0000 Hi all, I use FreeBSD for severals years and this Project now have a possibility the full security update (src) with freebsd-update, is really great for Release users but is break for Stable user. Ok !!! Exist a possibility for apply manual patch and compile issue, but for me problem existe in fix kernel issue in stable branch because is require a update for last stable and this result in {make buildworld,kernel,installworld) large time for correct a security issue, in large enviroment with jails and critical applications like administrative ldap e high webservers. Correct issue in large enviroment is a tormento, and result in full downtime, what the recomendation for security update in large enviroment with jail ? About Ports security issues, one idea is integrate portaudit and portupgrade or create another tool for update ports, this ideia is based in Gentoo glsa-check ( http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=14 ) Thanks for Attention and sorry for my bad english. Ricardo A. Reis UNIFESP Unix and Network Admin _______________________________________________________ Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz. http://br.info.mail.yahoo.com/