From owner-freebsd-security Tue Jun 18 18:27:38 2002
Message-ID: <3D0FDE0D.2040100@earthlink.net>
Date: Tue, 18 Jun 2002 18:27:41 -0700
From: Lawrence Sica
To: security@FreeBSD.ORG
Subject: Re: CDs with patched Apache?
References: <200206180539.XAA26264@lariat.org> <200206180539.XAA26264@lariat.org> <4.3.2.7.2.20020618033604.00d42aa0@localhost>

Brett Glass wrote:

> At 12:31 AM 6/18/2002, Kameron Gasso wrote:
>
> >>Wasn't the fact that -RELEASE branches don't get updated with new packages already discussed extensively in the not-so-distant past?
>
> Some folks yelled at me for pointing it out, but alas there was no
> real discussion of how to solve the problem.
>
> >>Although it wouldn't be very glamorous (and I certainly wouldn't recommend it), the port installed with the latest -RELEASE could be "broken" so it wouldn't download and install without someone forcing it. Still, this wouldn't really encourage them to upgrade their ports tree - it'd more than likely just cause much swearing and force people to work around the problem.
>
> It'd still be a warning. Hmmm.... Maybe the warning could be made part
> of pkg_add, and/or something that pkg_add executed. It would simply say,
> "proceed at your own risk!"
>
> But if you were installing from CD, you wouldn't be warned. Unless....
> Unless pkg_add phoned home to check on the package. Which is possible
> if the machine can be connected to the Net.
>

This is probably not feasible. I, for one, when installing from CD do not network the machine until I have done a bunch of other things first to secure it. The reason I use CDs, beyond it being quicker and more reliable, is so I can set up a box in a secure environment (not networked). Plus the idea of the CD is to not need/require a network connection. Honestly, I never use the CD packages since they will be outdated by the time I use them.

--Larry