Date:      Wed, 24 May 2006 14:45:37 -0400
From:      Allen <slackwarewolf@comcast.net>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Survey
Message-ID:  <20060524144537.46463a90@hydrocodone.org>
In-Reply-To: <44741A43.40302@kernel32.de>
References:  <20060523120100.37D2B16A54F@hub.freebsd.org> <20060523083944.H96736@eboyr.pbz> <20060523160051.GA78620@kierun.org> <44741A43.40302@kernel32.de>

On Wed, 24 May 2006 10:33:07 +0200
Marian Hettwer <MH@kernel32.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hej Yann,
> 
> Yann Golanski wrote:
> > Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
> > 
> >>Peter Jeremy wrote:
> >>
> >>>One of the major problems with unattended/automatic updating is
> >>>that it is hard to filter them.
> >>
> >>It's hard to make a good case for automatic updates when manual
> >>updates are so easy. 
> > 
> > 
> > So, here is a question:  I have three machines, all on different hardware
> > but with the same version of FreeBSD that are updated manually.  Now,
> > how about I get a dozen machines... How do I do that in a reasonable
> > amount of time?
> 
> You get yourself a build machine.
> Say you have 10 amd64 machines and 10 intel boxes, well, then you'll
> need one amd64 machine and one intel machine.
> Set up jails on this build host. Each jail having the specific make.conf
> and stuff configuration you like.
> Let's say
> intel machine:
> jail-1 --> for your MySQL machines
> jail-2 --> for your Apaches
> jail-3 --> for your mailservers
> 
> go to each jail and build yourself some packages (make package). Then
> use those packages to install them on your production machines.
> You may want to abuse these jails to do some testing whether the packages
> are okay too...
> 
> It really depends on how many machines you have, on how many different
> tasks they have and on which architectures you're running.
> 
> The answer is: build host + jails for a testing environment...
> This'll reduce your actual downtime.
> 

Did you just tell him to get another computer for each arch to have as a build machine???

Being a broke college student I don't think that's something I'd ever do to install updates on my boxes. I can't afford another computer just to build updates when every other OS I use does updates in another way....

I still say it would be best for all to have something in FreeBSD similar to Slackware where you just use wget or something to grab a patch .tgz file and use upgradepkg to install it without having to do this.

Some people say this isn't right or it's not a secure way to do this, but what's worse? The very small chance of a patch in this way having a problem, or the people I've seen reply saying they don't install patches at all?

I'd rather install a patch than not do it, but with the current system it just takes way too long.

I have two routers and a switch in front of my machines, and Linux boxes in front of that, and really, it's much easier to type upgradepkg *.tgz than it is to go through the process that I'd need to do for FreeBSD.

As I've said before, portupdate and FreeBSDupdate are a great start, but the fact remains, buildworld over a telnet patch is just terrible.

And as I've also pointed out, I'll continue using FreeBSD regardless of if the way I'd like is there or not, but a lot of people using other OSs, they just don't think there is any worth in going through this much trouble over a patch.

Especially the people coming to FreeBSD from Windows. They remember patches breaking more than they helped, and when they see what you have to do to get most of these installed they are going to say the hell with it and not install any of them.

The FreeBSD Summer of Code is coming up here, and I'd really love to see someone add something to FreeBSD that allows patches to be installed with an app in the way Linux does it.

This would for sure help out a lot. I mean someone can argue all they want how you can't do this or that when you're installing patches like Linux does, but when you consider how many people don't even install patches because of how much time it takes, or when someone like I quoted says buy ANOTHER computer for every arch you're using to use as a build box.... That just isn't going to happen for most people.

Either way I'll continue sending my 1,000 dollars out for FreeBSD, but I'd just like to see the money I spend on it and the FreeBSD mall go to something good like making a new way to install security and bug fixes.

-Allen
