From: Garance A Drosihn
To: Yann Golanski
Cc: freebsd-security@freebsd.org
Date: Thu, 25 May 2006 15:19:20 -0400
Subject: Re: FreeBSD Security Survey

At 9:28 AM +0100 5/25/06, Yann Golanski wrote:
>Quoth Garance A Drosihn on Wed, May 24, 2006 at 15:40:23 -0400
>>
>> The answer is: build host + jails for a testing environment...
> >
>> This'll reduce your actual downtime.
> > >
> > > Did you just tell him to get another computer for
> > > each arch to have as a build machine???
> > >
> > > Being a broke college student I don't think that's
> > > something I'd ever do to install updates on my boxes.
> > > I can't afford another computer just to build updates
> > > when every other OS I use does updates in another way....
> >
>> If you are a college student with a few machines that
>> you work with, then you can afford some downtime.
>
>Why? Just because I am from a mathematics department
>with no money for hardware at all does not mean that
>our VLE does not have to run all the time.

Because if you have many machines which have to be up 100% of the time, then the ports collection is not the only thing which is going to haunt you. The ports collection can be improved upon, of course, but even a perfect ports collection will not solve all the problems of running a large collection of mission-critical computers.

What I am saying is that the message which said "Buy another machine" was *NOT* directed to every single user of the ports collection. It was merely advice to anyone who has a large collection of hardware that they need to keep running all the time.

There are several unavoidable costs to running computers 24/7. Those costs do not disappear simply because you have no budget. If someone "can not afford downtime", then they have to find a budget to cover those expenses. That is just friendly advice from people who *DO* run lots of computers. There are many things that can go wrong, most of which have nothing to do with the ports collection.

Also note that the advice (which is still in the above quote) included the idea of using jails for testing the ports-environment changes. So, the advice didn't even demand that *anyone* had to buy new hardware.

This thread started because *Colin* set up a security survey. He *already* realizes that the project needs to do something so that more people are willing and able to apply security fixes once the project comes up with them.

So don't go all pouty and claim that no one here appreciates your situation. Many people work very hard to provide the operating system and ports collection for *NO COST*, so don't pretend that we're some greedy bastards who are insensitive to your zero budget.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu