Date: Fri, 26 Dec 2014 12:08:29 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp
In-Reply-To: <868uhx43i5.fsf@nine.des.no>
References: <20141223233310.098C54BB6@nine.des.no> <86h9wln9nw.fsf@nine.des.no> <549A5492.6000503@grosbein.net> <868uhx43i5.fsf@nine.des.no>

Dag-Erling Smørgrav wrote:
> Eugene Grosbein wrote:
>> Why does it say "Recompile the operating system using buildworld and
>> installworld"?
>
> Because that's what the template says, and we rarely change it to
> something more specific (in large part because that requires careful
> testing of the exact instructions we publish). "Rebuild, reinstall and
> reboot" may be overkill, but it's never wrong.

This is most unfortunate as it creates a high bar for base security
patches at many FreeBSD shops. Sites with a significant number of
production hosts, jails and/or filesystem fingerprinting (integrit,
tripwire) or those with constrained resources are never going to be able
to make/build/installworld for something as simple as a single binary
update.

I assume the root cause is insufficient resources within the FreeBSD
security team. If that's the case, would there be a budget estimate
associated with addressing this security advisory situation?

Since quick publication of advisories is critical, this also raises the
question of what might be an effective way to subsequently publish more
granular update instructions.

Roger Marquis