From owner-freebsd-security Wed Mar 5 16:50:23 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B650037B401 for ; Wed, 5 Mar 2003 16:50:21 -0800 (PST) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0799343F75 for ; Wed, 5 Mar 2003 16:50:19 -0800 (PST) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 4EEBC15227; Wed, 5 Mar 2003 16:48:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 4CA1015226 for ; Wed, 5 Mar 2003 16:48:18 -0800 (PST) Date: Wed, 5 Mar 2003 16:48:18 -0800 (PST) From: Mike Hoskins To: freebsd-security@FreeBSD.ORG Subject: Re: Does the patching procedure work? In-Reply-To: <20030305164239.A543@cthulu.compt.com> Message-ID: <20030305163452.H73788-100000@fubar.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 5 Mar 2003, Klaus Steden wrote: > > I'll drop the thread, but you're missing the point. The problem is that > > maintaining production FreeBSD systems is still far too time-consuming > > and awkward. It's a security issue AND a usability issue. The project > > as a whole really needs to get a handle on this issue. It's far easier than it is with most other platforms. I don't see what's so awkward about maintaining a number of BSD machines. I've done it on small LANs and large WANs, and have to admit it's one of the more pleasurable experiences in my daily routine. Updating glibc every month on 40+ production RH machines (only because IBM's JDK is developed on RH) is a much bigger PITA IMCO. > You could use Windows. They force you to install security fixes and upgrades > autmagically from the Internet. This isn't very useful... Although I've posted plenty of useless snippets in my time. As much as I hate Windoze, this is untrue. They actually force people that are too lazy to deselect a couple checkboxes and restart a service to periodically check for updates. The point is, it's configurable. The level of clue in people who don't know what services run on their Windows machines (especially if you actually use Windows machines for something "important") is about equal to that of a Unix admin who doesn't know what all that "ps stuff" is. -mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message