From owner-freebsd-doc@FreeBSD.ORG  Wed Aug 20 11:56:11 2003
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B766416A4BF
	for <doc@FreeBSD.org>; Wed, 20 Aug 2003 11:56:11 -0700 (PDT)
Received: from smtp100.mail.sc5.yahoo.com (smtp100.mail.sc5.yahoo.com
	[216.136.174.138])
	by mx1.FreeBSD.org (Postfix) with SMTP id 425D243F75
	for <doc@FreeBSD.org>; Wed, 20 Aug 2003 11:56:11 -0700 (PDT)
	(envelope-from gregw_work@yahoo.com)
Received: from ool-44c63a8c.dyn.optonline.net (HELO yahoo.com)
	(gregw?work@68.198.58.140 with plain)
	by smtp.mail.vip.sc5.yahoo.com with SMTP; 20 Aug 2003 17:34:38 -0000
Message-ID: <3F43B127.2030807@yahoo.com>
Date: Wed, 20 Aug 2003 13:34:31 -0400
From: Greg Weiss <gregw_work@yahoo.com>
Organization: PlezeCall
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: doc@FreeBSD.org
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: feedback, security documentation
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: gregw_work@yahoo.com
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2003 18:56:12 -0000


Being totally new to FreeBSD (but not Unix or BSD), I thought I'd give
you a heads up to the first thing I noticed in your documentation.

The FreeBSD Handbook, in the Security section, talks about setting up
a system securely but seems to totally omit the security process;
ie how to keep your machine patched against the exploits that
constantly arrive in the wild.  Where to find notifications of
security patches, etc.

Which is the first thing I went to look for since I received a system
already setup.

I did eventually find info in the "errata" portion of the release
notes, but it probably is worth mentioning elsewhere for newcomers
like myself.

Perhaps a 10.3.10 section, titled "Check regularly for security advisories",
with at a minimum, something like this:

         <p>Keeping your system updated with the latest security patches
         is an important aspect of system security.  You may want to
         subscribe to various email lists for this purpose.  You can
         find FreeBSD security advisories within the release notes
         of the latest version of FreeBSD, at:
http://www.freebsd.org/releases/4.8R/errata.html
http://www.freebsd.org/releases/5.0R/errata.html
         </p>

I hope you will accept this constructive cricism in the positive light it is 
intended. Thanks for the fine work.

Good luck,
   Greg Weiss