Date:      Thu, 18 Apr 2002 14:34:33 -0400 (EDT)
From:      Chris BeHanna <behanna@zbzoom.net>
To:        FreeBSD Security <security@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
Message-ID:  <20020418143038.X53965-100000@topperwein.dyndns.org>
In-Reply-To: <4.3.2.7.2.20020418120036.021ceb30@nospam.lariat.org>


On Thu, 18 Apr 2002, Brett Glass wrote:

> At 11:54 AM 4/18/2002, Jamie Norwood wrote:
>
> >> Not true at all. What administrators using FreeBSD need is not
> >> "hand-holding" but a way to upgrade to a known good snapshot.
> >> Not necessarily the absolute latest, but one with the needed
> >> patches which others have seen to work.
> >
> >This is RELENG_4_5. What are you looking for that it does not
> >provide?
>
> This is a CVS tag, not a build. Also, what you get when you
> bring it in will change over time, so you can't easily answer
> the question, "What patch level is this server running?"

    uname -a

> What's needed is builds either from this or from -STABLE
> (with testing to make sure nothing's broken) that one can
> download and install without recompiling the world. With

    With the number of custom kernels running out there, and the
number of different combinations of hardware out there, this is
not feasible.  The best you could hope for is a page somewhere that
has submissions from people of "I'm running X here with Y kernel
config with Z hardware combination and it seems to be OK."

    You might get a pre-built world somewhere with a GENERIC kernel
that you could download, but that's it.  The snapshot server in Japan
has binaries that you can use to patch your system, but even it will
not have any of your local customizations.

> numbers such that one can say, "This server is at -p3 and
> a new security hole was found.... I'll upgrade to -p4 tonight."
> Simple, convenient, and likely to work without fuss, so that
> we can install the build and get back to more important things,
> like developing code.

    That's exactly what RELENG_4_5 is for.  If there's a hole in -p3,
then -p4 will have the fix for that hole, AND ONLY THAT FIX, in
addition to whatever was in -p3.

--
Chris BeHanna
http://www.pennasoft.com
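
The patch-level check discussed in this message (reading the level from `uname` and comparing it with the level that carries a fix), as an added example that is not part of the original e-mail or of FreeBSD. It assumes the release string has the form `4.5-RELEASE-pN`; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the -pN patch level of a FreeBSD release string
# (format assumed: "4.5-RELEASE" or "4.5-RELEASE-pN") with a fixed level.

# Print the numeric patch level; a release with no -pN suffix is level 0.
# Returns 1 if the suffix is not a plain number.
patch_level() {
    case "$1" in
        *-p*) pl_suffix=${1##*-p} ;;
        *)    echo 0; return 0 ;;
    esac
    case "$pl_suffix" in
        ''|*[!0-9]*) return 1 ;;
        *)           echo "$pl_suffix" ;;
    esac
}

# needs_upgrade RUNNING FIXED
#   0: same branch, RUNNING is below FIXED
#   1: same branch, RUNNING is at or past FIXED
#   2: different branch or unparsable string, no comparison possible
needs_upgrade() {
    nu_run=$(patch_level "$1") || return 2
    nu_fix=$(patch_level "$2") || return 2
    [ "${1%-p*}" = "${2%-p*}" ] || return 2
    [ "$nu_run" -lt "$nu_fix" ]
}

# Constructed sample strings; on a real host pass "$(uname -r)" instead.
FIXED="4.5-RELEASE-p4"   # placeholder for the level an advisory names
for running in 4.5-RELEASE 4.5-RELEASE-p3 4.5-RELEASE-p4 4.4-RELEASE-p9; do
    rc=0
    needs_upgrade "$running" "$FIXED" || rc=$?
    case $rc in
        0) echo "$running: below $FIXED, upgrade needed" ;;
        1) echo "$running: at or past $FIXED" ;;
        *) echo "$running: other branch or unparsable, check by hand" ;;
    esac
done
```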

