Date: Wed, 15 May 2002 12:03:24 -0500
From: Rob Andrews
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Message-ID: <20020515120324.E69211@switchblade.cyberpunkz.org>
Organization: Cyberpunk Alliance

.- - - - - - Brett Glass wrote (2002/05/15 at 11:38:51 AM) - - - - - -
|
|> I think you misunderstood my message. Yes, the port is updated,
|> but the package is not.
|> In fact, if you use /stand/sysinstall
|> to list the packages for 4.5-RELEASE on ftp.freebsd.org, you
|> see an entry for isc-dhcp3-3.0.1.r4, which is quite old.

Why is it that you complain about these same issues over and over and get
answers but seem to ignore them.. A user that installs a fresh system should
always take the time to update a system to the current cvs branch with the
latest updates for either -stable or -release.

When you have a "release" version on CD you can't pull all those CDs back in,
make the changes and send them back out to the stores now can you? Same logic
applies to an ftp install of the released version of FreeBSD. It is what was
released and was known stable at the time for the release. Updating that
software before putting it to use, since there is an availability to do so, is
not only a logical thing but it's also common practice. (even Microsoft uses
windowsupdate for this purpose.. go figure..)

Packages imho should be avoided when possible. This is why we have cvsup and
the ports collection. If people take the time to read the documentation as
well as use countless other resources available to them before or after
installing the operating system then they have a firm understanding of what
needs to be done to take care of their system and how to prevent troubles in
the first place.

[ snip ]

Yes and those same packages are what they dump onto the CDs when they release
the CD sets to the general public. Read above. cvsup and use ports.. same
argument different week..

-r