Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Apr 2001 15:43:47 -0700 (PDT)
From:      Nicole Harrington <nmh@daemontech.com>
To:        Ben Smithurst <ben@FreeBSD.org>
Cc:        freebsd-security@freebsd.org, Michael Bryan <fbsd-secure@ursine.com>, Michael Nottebrock <michaelnottebrock@gmx.net>
Subject:   Re: Security Announcements?
Message-ID:  <XFMail.010410154347.nmh@daemontech.com>
In-Reply-To: <20010410215014.A8173@scientia.demon.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help

On 10-Apr-01 Ben Smithurst wrote:
> Michael Nottebrock wrote:
> 
> 
>> It certainly is starting to irritate people running
>> 4.2-Release.
> 
> Well if you want the latest security fixes you shouldn't be running a
> -release anyway, that's that the -stable branch is for.
> 

 Thats the most stupid thing I have every heard. I never knew that simply by
running -STABLE I would not have any security problems and would not need
patches or updates.


 As someone who runs many production level servers here is what I would want
 In order:

 1) A notice that there is problem - So I can tcpwrap or shutdown said service
until a patch is available.

 2) A binary patch.  Similiar to the Linux RPM.s  and the BSDi patches.
  Just download and run. No compiles no installs.

 3) A patch that everyone agrees works in an email or other notification that
says, here's were you can get the patch, this works, here's what to do with
it. 
 From my perspective it took days for people to stop discussing what patch
was best for ntpd and I still never heard a full resolution on the mailing
list. No official blessing of a patch other than what I would get via CVSUP.  I
have production servers, I can't run a CVsup everyday, let alone a make world. 


 Yes I may have missed a few mails or something. But expecting people to spend
their days tracking down patches and notices abt problems kinda negates the
whole idea of a security mailing and notification.
 The process seemed much better in the past, but lately, it has been much less
than optimal.

 Just my 2C

  Nicole



> -- 
> Ben Smithurst / ben@FreeBSD.org
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

----------------------------------
E-Mail: Nicole <nmh@daemontech.com>
Date: 10-Apr-01
Time: 15:26:44

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010410154347.nmh>