Date: Tue, 2 Jul 2002 08:19:43 -0700 (PDT) From: Colin Andrew Percival <cperciva@sfu.ca> To: freebsd-hackers@freebsd.org, brett@lariat.org Cc: nectar@freebsd.org Subject: Re: FreeBSD Auto-update (Was: Re: resolv and dynamic linking to compatlibc) Message-ID: <200207021519.IAA22280@fraser.sfu.ca> In-Reply-To: <20020702002229.V47784-100000@topperwein.dyndns.org> from "Chris BeHanna" at Jul 02, 2002 10:32:23 AM
next in thread | previous in thread | raw e-mail | index | archive | help
[Apologies if this gets delivered twice; some broken DNS is causing mail sent via shaw.ca to bounce.] At 10:32 02/07/2002 -0400, Chris BeHanna wrote: >On Mon, 1 Jul 2002, Brett Glass wrote: >> Alas, ethics demand that [older code which is now known to have security >> flaws] be either taken offline or accompanied >> with a clear, visible, and strong warning. > > Who is going to expend the time and effort to do this, and what >task should they let drop on the floor to get it done? > >> A snapshot of 4.6-STABLE should also be made and released as 4.6.1. > > You could contribute to that, for a start, to make sure that the >modularity needed to plug in an update facility is designed in. I'd >suggest piggybacking the update facility on top of portupgrade to >minimize duplication of effort. That, of course, depends upon the >availability of known good binary packages with valid MD5 checksums >and/or PGP signatures, and that's a whole 'nother resource problem. I'm new here (well, I've only been around for a bit over a year) so I'm probably hopelessly lost, but... what is wrong with making world and (GENERIC) kernel each time the 4.6 security branch is updated, and publishing (signed) lists of the form "if you have file X with md5 hash X_hash, replace it with file Y with md5 hash Y_hash" (where X is a local path, and Y is a URL)? I'd do this myself, except that I don't have any secure system to do this, and I'd be horrified if anyone would trust binary updates coming from me anyway. Colin "it can't really be that easy, can it?" Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207021519.IAA22280>