Date: Thu, 18 Apr 2002 12:02:37 -0600 From: Nate Williams <nate@yogotech.com> To: Brett Glass <brett@lariat.org> Cc: nate@yogotech.com (Nate Williams), David Wolfskill <david@catwhisker.org>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <15551.2621.764783.518524@caddis.yogotech.com> In-Reply-To: <4.3.2.7.2.20020418115527.021d9f00@nospam.lariat.org> References: <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <4.3.2.7.2.20020418115527.021d9f00@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> >Pray tell who is going to very that a snapshot is both 'known and good'? > > That's not "known and good" -- it's "known TO BE good." Same thing. If it's good, and you have no way of getting the same snapshot it doesn't help you. > >Simply applying security patches doesn't (necessarily) qualify as giving > >you your requirement, > > Not if the version being used has also been altered in other ways. Sure it does. The security patch could break your running system, because it may not have been tested in your exact configuration, on your exact hardware. > >This ain't rocket science here.... > > No, it's not. Other open source projects issue periodic "patch level N" > snapshots between releases. As does FreeBSD, if you'd get your head out of your butt and use it. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15551.2621.764783.518524>