Date: Thu, 24 May 2007 00:27:06 -0700 From: Colin Percival <cperciva@freebsd.org> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-arch@freebsd.org Subject: Re: RFC: Removing file(1)+libmagic(3) from the base system Message-ID: <46553E4A.1060008@freebsd.org> In-Reply-To: <20070524071906.GB80416@xor.obsecurity.org> References: <46546E16.9070707@freebsd.org> <7158.1179947572@critter.freebsd.dk> <20070523213251.GA14733@keltia.freenix.fr> <20070523.161038.-1989860747.imp@bsdimp.com> <46553A6B.7070904@freebsd.org> <20070524071906.GB80416@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote: > On Thu, May 24, 2007 at 12:10:35AM -0700, Colin Percival wrote: >> Interestingly, my experience from portsnap is that people tend to update >> ports more frequently than they apply security patches to the base system. > > ...with freebsd update. Important qualification. No, I was looking at version numbers reported by portsnap: Over half of the systems running FreeBSD 6.0 or FreeBSD 6.1 are still running the RELEASE with no security patches (or no kernel patches, at least), while systems running old versions of portsnap were upgraded to newer versions of portsnap far more quickly. Admittedly, there is a bias here in that people running portsnap are likely to be more interested in updating their installed ports than most FreeBSD users; but I still think it's a significant difference. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46553E4A.1060008>