From owner-freebsd-security@FreeBSD.ORG Sat Oct 29 02:25:58 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B59F16A41F for ; Sat, 29 Oct 2005 02:25:58 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd5mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFB3F43D45 for ; Sat, 29 Oct 2005 02:25:57 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd2mr7so.prod.shaw.ca (pd2mr7so-qfe3.prod.shaw.ca [10.0.141.10]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IP300CW1O39HFB0@l-daemon> for freebsd-security@freebsd.org; Fri, 28 Oct 2005 20:25:57 -0600 (MDT) Received: from pn2ml1so.prod.shaw.ca ([10.0.121.145]) by pd2mr7so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IP300D29O39JBD0@pd2mr7so.prod.shaw.ca> for freebsd-security@freebsd.org; Fri, 28 Oct 2005 20:25:57 -0600 (MDT) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IP30010SO38NP@l-daemon> for freebsd-security@freebsd.org; Fri, 28 Oct 2005 20:25:57 -0600 (MDT) Date: Fri, 28 Oct 2005 19:25:56 -0700 From: Colin Percival In-reply-to: <20051028072518.GA82014@logik.internal.network> To: markzero Message-id: <4362DDB4.6030906@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.92.1.0 References: <20051027233106.377D070DCE3@mail.npubs.com> <4361CD31.1080707@freebsd.org> <20051028072518.GA82014@logik.internal.network> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org Subject: Re: Is the server portion of freebsd-update open source? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Oct 2005 02:25:58 -0000 markzero wrote: > In my case, all I'm after is a way to distribute a custom build of > FreeBSD. When I say custom, I really just mean a standard build with > a custom make.conf: > > [snip] > > I'd rather not use NFS, for security reasons, so I've had to resort > to ad-hoc shell scripts to do updates. It'd be nice to have something > officially supported to replace them. It looks like nearly all of your customizations simply involve removing certain files from the system. FreeBSD Update is designed to handle this situation: If there is a security update in sendmail and you have deleted the sendmail binaries, FreeBSD Update will ignore that particular update. Is there any reason why this is insufficient? Colin Percival