Date: Thu, 16 Nov 2000 09:25:25 -0800 (PST) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: jwyatt@rwsystems.net (James Wyatt) Cc: kris@FreeBSD.ORG (Kris Kennaway), str@giganda.komkon.org (Igor Roshchin), rraykov@sageian.com, security@FreeBSD.ORG Subject: Re: problem using sysinstall Message-ID: <200011161725.JAA08006@gndrsh.dnsmgr.net> In-Reply-To: <Pine.BSF.4.10.10011151940550.93181-101000@bsdie.rwsystems.net> from James Wyatt at "Nov 15, 2000 07:47:26 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, 15 Nov 2000, Kris Kennaway wrote: > > On Wed, Nov 15, 2000 at 04:48:39PM -0500, Igor Roshchin wrote: > > > Well, although we all understand what is "The Good Thing", > > > the reality of life makes us to do some compromises. > > > I believe, several (I would even say `many' ) > > > people on this list have done upgrades > > > (either via "make world" or via sysinstall) a) remotely > > > > Many people like to jump out of planes for thrills, too :-) > > Yes, but they receive a *lot* of warnings before they do, they see others > do it and live. Then, of course, they have a parachute too... (^_^) Actually we have 2 parachutes, just in case. And like in the remote upgrade situation one should always have a secondary plan of action incase things go wrong. Thank god for skydivers this secondary plan is clearly layed out, for the remote upgrader it is not always so clear. Sometimes a ``Okay, if it blows chunks I get in the car and go to the remote and fix it.'' is a fine backup plan (usually when the car trip is under the allowable down time for the system.) Other times this is not practical and more carefull planning needs to be done, ie travel cross country via commercial airline to fix a system. > What about not letting a bin extract *overwrite* files? (I know there is > work for that and I haven't offered to do it, but I'm asking to consider > it.) When doing an install from scratch, the mkfs has been run, so the > filesystem is clean. I don't know what to do for binaries for upgrades, > but the current approach doesn't work for that either, right? If you don't overwrite files you didn't do an upgrade. :-) > If I'm off-base, say so and I'll crawl back into the machine room - Jy@ Your not totally offbase in your concerns, but I think your directing them in the wrong direction. Any upgrade should be carefully planned, and to draw some more ``jumping'' related analogies a local upgrade is more like the everyday skydive, and a remote upgrade of a critical system is more like a BASE jump. I don't do a whole lot of planning out at the airfield when banging out a half dozen skydives, I spend 15 minutes packing my main canopy and count on my reserve should I have a problem with it. When doing a BASE jump I'll spend a good hour looking at exit points, landing area, where the cops might be coming from, escape routes, etc. It takes me a hour or two to pack the one and only canopy that _MUST_ save my life. When doing a remote critical upgrade one should take similiar precations, if possible do a little skydiving by upgrading similiar systems that are local to you so that you can catch potential pitfalls before you create a critical problem for yourself. -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011161725.JAA08006>