From owner-freebsd-security  Thu Apr 18 10:47:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bunrab.catwhisker.org (adsl-63-193-123-122.dsl.snfc21.pacbell.net [63.193.123.122])
	by hub.freebsd.org (Postfix) with ESMTP id 805B637B47B
	for <security@FreeBSD.ORG>; Thu, 18 Apr 2002 10:47:14 -0700 (PDT)
Received: from bunrab.catwhisker.org (localhost [127.0.0.1])
	by bunrab.catwhisker.org (8.12.2/8.12.2) with ESMTP id g3IHlDZG029336;
	Thu, 18 Apr 2002 10:47:13 -0700 (PDT)
	(envelope-from david@bunrab.catwhisker.org)
Received: (from david@localhost)
	by bunrab.catwhisker.org (8.12.2/8.12.2/Submit) id g3IHlDiq029335;
	Thu, 18 Apr 2002 10:47:13 -0700 (PDT)
Date: Thu, 18 Apr 2002 10:47:13 -0700 (PDT)
From: David Wolfskill <david@catwhisker.org>
Message-Id: <200204181747.g3IHlDiq029335@bunrab.catwhisker.org>
To: brett@lariat.org, david@catwhisker.org,
	schulte+freebsd@nospam.schulte.org, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
In-Reply-To: <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>Date: Thu, 18 Apr 2002 11:42:35 -0600
>From: Brett Glass <brett@lariat.org>

>>If you have systems that are that important to you -- and I do, even
>>here at home -- then acquire a machine to do the builds, and then use
>>some method other than "build in place" to install the result.  

>That's not sufficient to ensure that you didn't pick the wrong time
>to take a snapshot. Production machines must run a known good
>snapshot.

So build yourself a "snapshot" that suits you; test it according to the
needs of *your* environment.  If you are unwilling/unable to do so,
arrange for someone else to do it for you.  It's possible that someone
would volunteer to expend his or her time and other resources to do this
for you for free, out of gratitude for something, or some such thing;
more likely, the person would request some form of compensation.

This has been gone over before, and I'm not going to spam the -security
list further on the topic.

Cheers,
david       (links to my resume at http://www.catwhisker.org/~david)
-- 
David H. Wolfskill				david@catwhisker.org
Based on my experience as a computing professional, I consider the use of
Microsoft products as components of computing systems to be just as
advisable as using green wood to frame a house... and expect similar results.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message