Date: Fri, 20 Jan 2006 22:51:46 -0500 From: Richard Bejtlich <taosecurity@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: freebsd-update defaults and restrictions Message-ID: <120ef0530601201951n69a9b7fel4b544ab816659373@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Gayn Winters wrote: > Bejtlich states that the KEY and the URL in the .conf file are > cooked to get updates from Colin's site, and to use the sample file "if > you trust [Colin] to securely build binary updates for you to blindly > install ..." Aside from Bejtlich's obvious tongue-in-cheek negativity > (they are both security guys after all, and Colin is the FreeBSD > security officer), are there other possible sites for updates? Hello, If you take a look at the text you're quoting, you'll notice that it's output from installing freebsd-update. I did not need to apply any "obvious tongue-in-cheek negativity" in my article -- those are Colin's words! I have the utmost respect for Colin; he's been very helpful in the community. Also, when I wrote the original article (Dec 04), Colin was not the security officer. That didn't happen until Aug 05, which is still after the date on the current article (Apr 05). For the latest info, you might like to read my article published in the Feb 06 Sys Admin magazine on Keeping FreeBSD Up-to-Date. To your questions -- I don't know of any sites beyond Colin's that provide updates at this time. If we see freebsd-update moved into the base system, I expect to see freebsd.org mirrors carrying them. It would be nice to have updates for non-i386 platforms, too. I defer to Colin for your other queries. Sincerely, Richard
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?120ef0530601201951n69a9b7fel4b544ab816659373>