From owner-freebsd-security Wed Oct 13 8:54:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from primary.rci.net (mail.rci.net [209.251.132.252]) by hub.freebsd.org (Postfix) with ESMTP id 09ADC15300 for ; Wed, 13 Oct 1999 08:54:31 -0700 (PDT) (envelope-from jar@mail.integratus.com) Received: from integratus.com (162.p1.dialup.gru.net [198.190.223.162]) by primary.rci.net (8.9.3/8.9.3) with ESMTP id LAA75991; Wed, 13 Oct 1999 11:53:51 -0400 (EDT) (envelope-from jar@mail.integratus.com) Message-ID: <3804AB20.2C7A97C9@integratus.com> Date: Wed, 13 Oct 1999 11:54:08 -0400 From: Jack Rusher Organization: Integratus, Inc. X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Garrett Wollman Cc: Robert Watson , David G Andersen , freebsd-security@FreeBSD.ORG Subject: Re: FreeSSH References: <199910131436.IAA02185@faith.cs.utah.edu> <199910131530.LAA12034@khavrinen.lcs.mit.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Garrett Wollman wrote: > > This makes a lot of people very uncomfortable. We have tried very > hard to avoid user-visible internal versioning -- either you have > ``the version that came with FreeBSD X.X'' or you don't. What you > suggest is not without merit, but it also opens up a can of worms many > of us would rather see remain closed. Should this thread be moved to FreeBSD-current, or FreeBSD-hackers? In either case, I think there is a potential for some really good ideas to come out of this discussion, so let's move it and keep talking about it. First, let me say that the install process for FreeBSD is sweeter than the install process for any commercial OS I have ever used; kudos to the people who built what we have now. Now, here are some thoughts (on this, and on a parallel subject): Administration would probably be greatly simplified by a "Chinese menu" approach to system configuration. It would be very useful to a lot of admins (especially the less senior ones) to be able to specify what they want with a series of check boxes which add things to a super minimal base install. It would also make removing things a hell of a lot easier for the security (and resource) conscience among us. There are certainly some non-trivial issues involved with setting up a build policy that would facilitate use of cvsup to remain in sync with the most modern version of the OS, but I think it is worth looking at. Also, I really like the Solaris model of having an /etc/system file that instructs a very minimal kernel on how to load the modules that are required to run the hardware and services that are configured for that machine. I would like to see FreeBSD move towards a modular architecture that allows new hardware to be installed without recompiling the kernel. I know a lot of work has been done in this direction (just look at the way vinum works), but it would be interesting to see how far we could push this mode of system organization. It seems to me that both the modular kernel and package oriented software install methods could be merged into a nice little dependency tree that allows very fine grained control over system configuration. Comments? -- Jack Rusher, Chief Engineer | mailto:jar@integratus.com Integratus, Inc. | http://www.integratus.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message