From owner-freebsd-security Wed May 15 12:50:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from user205.net239.fl.sprint-hsd.net (user205.net239.fl.sprint-hsd.net [209.26.20.205]) by hub.freebsd.org (Postfix) with SMTP id DA48137B40F for ; Wed, 15 May 2002 12:50:10 -0700 (PDT) Received: (qmail 30603 invoked by uid 85); 15 May 2002 19:50:21 -0000 Received: from scorpio@drkshdw.org by scorpio.DrkShdw.org by uid 89 with qmail-scanner-1.10 (uvscan: v4.1.60/v4199. . Clear:0. Processed in 0.804553 secs); 15 May 2002 19:50:21 -0000 Received: from jeff.home.lan (HELO jeffrey.drkshdw.org) (192.168.134.2) by user205.net239.fl.sprint-hsd.net with SMTP; 15 May 2002 19:50:19 -0000 Message-Id: <5.1.0.14.0.20020515154731.00b5e870@mail.drkshdw.org> X-Sender: scorpio@mail.drkshdw.org X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 15 May 2002 15:51:38 -0400 To: security@freebsd.org From: Jeff Palmer Subject: Re: Patch/Announcement for DHCPD remote root hole? In-Reply-To: <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org> References: <20020515120324.E69211@switchblade.cyberpunkz.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <20020515105453K.matusita@jp.FreeBSD.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >CVSup is a programmer's tool, not an administrator's tool. And it is >certainly not a tool for newcomers. It makes the learning curve far >too steep -- especially if the person doing the install is just learning >UNIX. Use of CVSup should not be necessary to do a secure install of >the system. If CVSup is a programmers tool, and not an administrators tool.. How is one supposed to keep his system updated and secure AFTER the initial install? How is one supposed to update to the latest branch, after the initial install. Sure, for security problems, You can just use supplied patches, However.. patches are typically only released for security related issues, not for average bugs. Saying that CVSup isn't an administrators tool, is a little narrow minded, and a lot unreasonable in my opinion. Part of being an administrator involves keeping the system up to date. Jeff Palmer scorpio@drkshdw.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message