From owner-freebsd-security  Thu Apr 18  9:10:50 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id D945837B400
	for <security@FreeBSD.ORG>; Thu, 18 Apr 2002 09:10:45 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id KAA16638;
	Thu, 18 Apr 2002 10:10:27 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms.
Message-Id: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org>
X-Sender: brett@nospam.lariat.org
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 18 Apr 2002 10:10:15 -0600
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
In-Reply-To: <5.1.0.14.0.20020418000849.02931cf8@pop3s.schulte.org>
References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org>
 <200204171923.g3HJNga58899@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 11:11 PM 4/17/2002, Christopher Schulte wrote:

>You can synchronize your source tree and recompile.  See:
>
>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html

Alas, this is not an acceptable solution. 

I realize that many people use FreeBSD on non-mission-critical systems, or
to tinker with, and can afford downtime. But we need to create and maintain
production machines.
 
I hope that you can understand that doing a CVSup and then rebuilding the 
world every night (slowing the system to a crawl in the process and
creating a system which might or might not be 100% stable) is not an 
acceptable solution. Nor is downloading a random snapshot. (Which one
can't seem to do anyway these days; releng4.freebsd.org is refusing

What is needed is a known good "p3" (or "p-whatever") build that can be 
installed quickly with minimum downtime. Yet, despite the fact that 
people routinely refer to (for example) "4.5-RELEASE-p3", no such build 
seems to actually exist. For those of us who create and manage production 
servers, there should be.

--Brett Glass


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message