Date: Fri, 12 May 2000 12:58:42 -0400 (EDT) From: Igor Roshchin <str@giganda.komkon.org> To: "Robert Watson" <rwatson@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler Message-ID: <200005121658.MAA86229@giganda.komkon.org> In-Reply-To: <Pine.NEB.3.96L.1000512123717.44824A-100000@fledge.watson.org> from "Robert Watson" at "May 12, 2000 12:40:04 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > For patches where it's appropriate, I've been strongly considering > releasing "packages" that update the key parts of the base OS for security > fixes. This would be similar to the BSD/OS patch level support for fixes, > although restricted only to security stuff. This would provide access to > security fixes for non-source-centric sites, which I think is important. > With 4.0 I haven't had the opportunity to exercise this possibility as > yet. :-) > > I.e., > > pkg_add secpatch_4.0-RELEASE_001.tgz > > Would replace the faulty binaries with better ones, and leave behind a > package install record so you could easily determine which security > patches are installed. And if appropriate, could back up the original > binaries allowing pkg_delete to restore the original state. > > Any thoughts on this? > > Robert N M Watson > That would be very useful for the production environment, as well as for the low-end computers, or just computers with limited resources. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005121658.MAA86229>