Date:      Wed, 13 Oct 1999 11:54:08 -0400
From:      Jack Rusher <jar@mail.integratus.com>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        Robert Watson <robert+freebsd@cyrus.watson.org>, David G Andersen <danderse@cs.utah.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: FreeSSH
Message-ID:  <3804AB20.2C7A97C9@integratus.com>
References:  <199910131436.IAA02185@faith.cs.utah.edu> <Pine.BSF.3.96.991013110640.20484A-100000@fledge.watson.org> <199910131530.LAA12034@khavrinen.lcs.mit.edu>

Garrett Wollman wrote:
> 
> This makes a lot of people very uncomfortable.  We have tried very
> hard to avoid user-visible internal versioning -- either you have
> ``the version that came with FreeBSD X.X'' or you don't.  What you
> suggest is not without merit, but it also opens up a can of worms many
> of us would rather see remain closed.

Should this thread be moved to FreeBSD-current, or FreeBSD-hackers? 
In either case, I think there is a potential for some really good
ideas to come out of this discussion, so let's move it and keep
talking about it.

First, let me say that the install process for FreeBSD is sweeter
than the install process for any commercial OS I have ever used;
kudos to the people who built what we have now.

Now, here are some thoughts (on this, and on a parallel subject):

Administration would probably be greatly simplified by a "Chinese
menu" approach to system configuration.  It would be very useful to a
lot of admins (especially the less senior ones) to be able to specify
what they want with a series of check boxes which add things to a
super minimal base install.  It would also make removing things a
hell of a lot easier for the security (and resource) conscious among
us.  There are certainly some non-trivial issues involved with
setting up a build policy that would facilitate use of cvsup to
remain in sync with the most modern version of the OS, but I think it
is worth looking at.

Also, I really like the Solaris model of having an /etc/system file
that instructs a very minimal kernel on how to load the modules that
are required to run the hardware and services that are configured for
that machine.  I would like to see FreeBSD move towards a modular
architecture that allows new hardware to be installed without
recompiling the kernel.  I know a lot of work has been done in this
direction (just look at the way vinum works), but it would be
interesting to see how far we could push this mode of system
organization.

It seems to me that both the modular kernel and package-oriented
software install methods could be merged into a nice little
dependency tree that allows very fine-grained control over system
configuration.

Comments?

-- 
Jack Rusher, Chief Engineer | mailto:jar@integratus.com
Integratus, Inc.            | http://www.integratus.com

