Date: Wed, 15 May 2002 19:30:39 -0400 (EDT)
From: Chris BeHanna
To: FreeBSD Security
Subject: RE: Patch/Announcement for DHCPD remote root hole?

On Wed, 15 May 2002, Brett Glass wrote:

> At 03:31 PM 5/15/2002, Michael Lafreniere wrote:
>
> >CVS is a programming AND admin tool.
>
> Only for admins that are willing to risk problems on mission-critical
> systems. One should not blindly do updates, and certainly not with
> cron.

Asked and addressed--REPEATEDLY--in this forum. If you have mission-critical machines, then you set aside a machine to do your builds and testing on, and then use the results of the (now tested) build to upgrade your mission-critical servers.

Don't like it? Step up and supply the patches needed to automate providing binary patches to userland and /modules. /kernel must still be built by hand for everyone who doesn't use GENERIC (and that's darned near everyone), and *that* mandates CVSup, CVS, or CTM, unless you can think of (and contribute) a different method.

> >I don't wanna be an arse but I've been following this list for over 6
> >months now and you seem to get stuck on the same issues over and over
> >again. Even after you've gotten good solid answers.
>
> Those "answers" were not solid. In fact, they were not really answers at all.
>
> They were a combination of elitist remarks (e.g. "Anyone who doesn't
> use CVSup is a lamer") and poor excuses. It's sad that these vocal
> few seem to have forgotten what it was like to be a new user of UNIX and
> FreeBSD. Or that they lack the ethical compass to recognize that allowing
> FreeBSD to install, by default, with open remote root holes and not warning
> the user is simply WRONG.

If that bothers you so much, CONTRIBUTE THE PATCHES TO CHANGE IT. No one else appears to have such a problem with requiring users and admins to RTFM and use CVSup to upgrade their machines--at least, it's not a big enough problem to them to warrant dropping everything to implement a solution right *now*.

> The excuses I've heard here are almost as bad as the excuses Microsoft
> makes for refusing to reveal and patch security holes.

What excuse do *you* make for not contributing to the solution that you desire so much? Stuff like this only gets contributed when someone cares about it enough to do so. Sitting back and demanding that someone else implement your pet desire--for free--is sheer petulance.

(I'm about to put my money where my mouth is--I have a machine set aside for CURRENT, and I'll be playing in that sandbox pretty soon.)

--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
Turning coffee into software since 1990.