Date: Thu, 18 Apr 2002 14:34:33 -0400 (EDT)
From: Chris BeHanna
To: FreeBSD Security
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip

On Thu, 18 Apr 2002, Brett Glass wrote:

> At 11:54 AM 4/18/2002, Jamie Norwood wrote:
>
> >> Not true at all. What administrators using FreeBSD need is not
> >> "hand-holding" but a way to upgrade to a known good snapshot.
> >> Not necessarily the absolute latest, but one with the needed
> >> patches which others have seen to work.
> >
> >This is RELENG_4_5. What are you looking for that it does not
> >provide?
>
> This is a CVS tag, not a build. Also, what you get when you
> bring it in will change over time, so you can't easily answer
> the question, "What patch level is this server running?"

uname -a

> What's needed is builds either from this or from -STABLE
> (with testing to make sure nothing's broken) that one can
> download and install without recompiling the world. With

With the number of custom kernels running out there, and the number
of different combinations of hardware out there, this is not feasible.
The best you could hope for is a page somewhere that has submissions
from people of "I'm running X here with Y kernel config with Z
hardware combination and it seems to be OK."

You might get a pre-built world somewhere with a GENERIC kernel that
you could download, but that's it. The snapshot server in Japan has
binaries that you can use to patch your system, but even it will not
have any of your local customizations.

> numbers such that one can say, "This server is at -p3 and
> a new security hole was found.... I'll upgrade to -p4 tonight."
> Simple, convenient, and likely to work without fuss, so that
> we can install the build and get back to more important things,
> like developing code.

That's exactly what RELENG_4_5 is for. If there's a hole in -p3, then
-p4 will have the fix for that hole, AND ONLY THAT FIX, in addition to
whatever was in -p3.

-- 
Chris BeHanna
http://www.pennasoft.com