From owner-freebsd-questions@FreeBSD.ORG Sat Jan 21 03:51:48 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8AFD16A420 for ; Sat, 21 Jan 2006 03:51:48 +0000 (GMT) (envelope-from taosecurity@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B82043D46 for ; Sat, 21 Jan 2006 03:51:47 +0000 (GMT) (envelope-from taosecurity@gmail.com) Received: by wproxy.gmail.com with SMTP id 67so632891wri for ; Fri, 20 Jan 2006 19:51:46 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:mime-version:content-type:content-transfer-encoding:content-disposition; b=rMQgket4em7HE6dWHSJH+nuBHyLSlfUZkxMy46cB7b4AgaPUbfUKmSuX+IG3IGmpOwJPlwh/Klpy4CcUQe/o6ATg105uv7Jzfw+padwRABx4trqymXsppViLFHb56cHXNK6UJt+LKPe5IEHnEn2Me90Rl2l4zP2vXOEhvd/a4Gk= Received: by 10.65.157.4 with SMTP id j4mr2126789qbo; Fri, 20 Jan 2006 19:51:46 -0800 (PST) Received: by 10.65.248.11 with HTTP; Fri, 20 Jan 2006 19:51:46 -0800 (PST) Message-ID: <120ef0530601201951n69a9b7fel4b544ab816659373@mail.gmail.com> Date: Fri, 20 Jan 2006 22:51:46 -0500 From: Richard Bejtlich To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Cc: Subject: Re: freebsd-update defaults and restrictions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jan 2006 03:51:48 -0000 Gayn Winters wrote: > Bejtlich states that the KEY and the URL in the .conf file are > cooked to get updates from Colin's site, and to use the sample file "if > you trust [Colin] to securely build binary updates for you to blindly > install ..." Aside from Bejtlich's obvious tongue-in-cheek negativity > (they are both security guys after all, and Colin is the FreeBSD > security officer), are there other possible sites for updates? Hello, If you take a look at the text you're quoting, you'll notice that it's output from installing freebsd-update. I did not need to apply any "obvious tongue-in-cheek negativity" in my article -- those are Colin's words! I have the utmost respect for Colin; he's been very helpful in the community. Also, when I wrote the original article (Dec 04), Colin was not the security officer. That didn't happen until Aug 05, which is still after the date on the current article (Apr 05). For the latest info, you might like to read my article published in the Feb 06 Sys Admin magazine on Keeping FreeBSD Up-to-Date. To your questions -- I don't know of any sites beyond Colin's that provide updates at this time. If we see freebsd-update moved into the base system, I expect to see freebsd.org mirrors carrying them. It would be nice to have updates for non-i386 platforms, too. I defer to Colin for your other queries. Sincerely, Richard