From owner-freebsd-security Thu Apr 18 9:30:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP id 0A4FA37B426
	for ; Thu, 18 Apr 2002 09:29:21 -0700 (PDT)
Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA26657;
	Thu, 18 Apr 2002 10:29:02 -0600 (MDT)
	(envelope-from nate@yogotech.com)
Received: (from nate@localhost)
	by caddis.yogotech.com (8.11.6/8.11.6) id g3IGT2K25269;
	Thu, 18 Apr 2002 10:29:02 -0600 (MDT)
	(envelope-from nate)
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15550.62541.903626.398637@caddis.yogotech.com>
Date: Thu, 18 Apr 2002 10:29:01 -0600
To: Brett Glass
Cc: Christopher Schulte , security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
In-Reply-To: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org>
References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org>
	<200204171923.g3HJNga58899@freefall.freebsd.org>
	<4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org>
X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ One more time, since Brett apparently doesn't 'get it'. ]

> >You can synchronize your source tree and recompile. See:
> >
> >http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html
>
> Alas, this is not an acceptable solution.
>
> I realize that many people use FreeBSD on non-mission-critical systems, or
> to tinker with, and can afford downtime. But we need to create and maintain
> production machines.
>
> I hope that you can understand that doing a CVSup and then rebuilding the
> world every night (slowing the system to a crawl in the process and
> creating a system which might or might not be 100% stable) is not an
> acceptable solution.

Who said anything about building it every night?

> Nor is downloading a random snapshot. (Which one can't seem to do
> anyway these days; releng4.freebsd.org is refusing

Who said anything about a 'random' snapshot? Pick the snapshot that has
the fix applied (using the date), and build it.

And, for what it's worth, code that you seem to claim is 'random' on the
RELENG_4_X is *exactly* the same code you would be getting if you
download the patch and apply it to your system, except that it's
automated.

> What is needed is a known good "p3" (or "p-whatever") build that can be
> installed quickly with minimum downtime. Yet, despite the fact that
> people routinely refer to (for example) "4.5-RELEASE-p3", no such build
> seems to actually exist. For those of us who create and manage production
> servers, there should be.

There is. Download the 'random snapshot' using the RELENG_4_5 tag.

All I see from you is a lot of bitching about how the FreeBSD project
didn't hold your hand tight enough and have a developer show up on your
doorstep to install and verify every single version of FreeBSD you use.

This email is sent from someone who has in *production use* a large
number of machines.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message