From owner-freebsd-security Tue Jan 1 14:17:25 2002
Delivered-To: freebsd-security@freebsd.org
Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125])
	by hub.freebsd.org (Postfix) with ESMTP id 210ED37B423;
	Tue, 1 Jan 2002 14:17:22 -0800 (PST)
Received: from there (nic-118-c60-194.mn.mediaone.net [24.118.60.194])
	by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with SMTP id g01MGstg025061;
	Tue, 1 Jan 2002 16:16:54 -0600 (CST)
	(envelope-from rob@cyberpunkz.org)
Posted-Date: Tue, 1 Jan 2002 16:16:54 -0600 (CST)
Abuse-Contact: abuse@cyberpunkz.org
Content-Type: text/plain; charset="iso-8859-1"
From: Rob Andrews
Reply-To: rob@cyberpunkz.org
Organization: Cyberpunk Alliance
Message-Id: <200201011538.44206@cyberpunkz.org>
To: cjclark@alum.mit.edu, "Crist J. Clark" , Robert Watson
Subject: Re: openssh version
Date: Tue, 1 Jan 2002 16:16:46 -0600
X-Mailer: KMail [version 1.3.2]
Cc: John Hay , Randy Bush , freebsd-security@FreeBSD.ORG
References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> <20020101130601.A153@gohan.cjclark.org>
In-Reply-To: <20020101130601.A153@gohan.cjclark.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Tuesday 01 January 2002 15:06, Crist J. Clark wrote:

[- snip -]

While I have no argument with these issues there is one thing that I do however have issue with in regard to the current way openssh is handled between the base system and the port.

Since the base system version does not install in the local file system, nor does the port version by default install in the base file system, there should be a clear way to force the port version to be able to install over the current base system or to have the base system version be deinstalled when you install the port so as to not have conflicting versions on the system.

It's impractical to have the version in the base system be started up from the system rc yet the port version installs with a startup script unless you delete the shell script and change the location in the rc.conf of the new version to run. Which still leaves the old version on the system which in some cases might be flawed or not be desirable to an admin to have it on their system.

Saying this brings up the point that the version in the base system of 4.4-stable was in fact a flawed version of openssh and unless people were reminded or on the ball enough to realize that the port version doesn't install over the base system version, they might very well have the old version of sshd start up on the system upon rebooting the machine.

I think the point really is that the way it's currently handled, it's just very messy and should be thought out more clearly on how a piece of software that is part of the security of a system should be managed as to ensure that the software is effective in its task.

Brutally put, this is a poor system currently and needs to be more clearly laid out for people who are attempting to grasp how freebsd can be beneficial over other systems. Ease of managing the software upgrades is probably one of the bigger sell points to myself and several others I know that use freebsd religiously.

Just my two cents..

Happy New Year..

Rob Andrews
Cyberpunk Alliance
http://cyberpunkz.org/
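
The situation described in the message above, as an added example that is not part of the original post: a small sh audit that compares which sshd copies are installed with the one the rc configuration will start at boot. The paths `/usr/sbin/sshd` and `/usr/local/sbin/sshd` and the rc.conf variable `sshd_program` are assumptions not stated in the message; the demo runs against a constructed scratch tree.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: base sshd in
# /usr/sbin, ports sshd in /usr/local/sbin, rc.conf variable sshd_program.

# rc_sshd_program CONF...: print the sshd_program value the rc files select.
# Later files win, the way /etc/rc.conf overrides /etc/defaults/rc.conf.
rc_sshd_program() {
    prog=""
    for conf in "$@"; do
        if [ -r "$conf" ]; then
            val=$(sed -n 's/^sshd_program=//p' "$conf" | tail -n 1 | tr -d "\"'")
            if [ -n "$val" ]; then prog=$val; fi
        fi
    done
    printf '%s\n' "$prog"
}

# audit_sshd BASE PORT CONF...: compare what is installed with what rc starts.
# Returns 0: no second copy; 1: both installed and rc does not start the port
# copy; 2: rc starts the port copy but the base binary is still on disk.
audit_sshd() {
    base=$1; port=$2; shift 2
    active=$(rc_sshd_program "$@")
    if [ -z "$active" ]; then active=$base; fi   # assumed default when unset
    if [ -x "$base" ] && [ -x "$port" ]; then
        if [ "$active" = "$port" ]; then
            echo "rc starts $port; old copy still installed: $base"
            return 2
        fi
        echo "both $base and $port installed; boot will start $active"
        return 1
    fi
    echo "no second sshd copy found; rc starts $active"
    return 0
}
# Constructed demo: a scratch tree standing in for a host with both copies.
demo() {
    root=$(mktemp -d) || return 3
    mkdir -p "$root/usr/sbin" "$root/usr/local/sbin" "$root/etc"
    for f in usr/sbin/sshd usr/local/sbin/sshd; do
        printf '#!/bin/sh\n' > "$root/$f"; chmod +x "$root/$f"
    done
    echo 'sshd_enable="YES"' > "$root/etc/rc.conf"
    audit_sshd "$root/usr/sbin/sshd" "$root/usr/local/sbin/sshd" "$root/etc/rc.conf"
    status=$?
    rm -rf "$root"
    return $status
}
demo || echo "audit status: $?"
```

On a real host the call would be `audit_sshd /usr/sbin/sshd /usr/local/sbin/sshd /etc/defaults/rc.conf /etc/rc.conf`, under the same path assumptions.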