Date: Thu, 18 Apr 2002 15:08:39 -0700 From: Steve Francis <sfrancis@expertcity.com> To: Brett Glass <brett@lariat.org> Cc: Jon Bergfeld <jbergfel@yahoo.com>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <3CBF43E7.9080509@expertcity.com> References: <4.3.2.7.2.20020418120036.021ceb30@nospam.lariat.org> <4.3.2.7.2.20020418135706.02192c60@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
I'd just like to second this.
I've managed unix systems for quite a few years, all solaris and AIX
until recently when I started moving one production class of servers
over to FreeBSD (performance is a lot better for this function.)
My biggest confusion in moving to FreeBSD was the CVSup process, and how
to get a currently patched stable image. (Not that it is that difficult,
but it is not intuitive, and there was no page in the FreeBSD handbook
saying "To ensure your system has the current patchset, and the most
stable code as of this date, do this... If you dont trust the latest
stable code, you can get patchlevel Y by doing this...")
Also, it is, in my opinion, unfortunate that I can install a system from
the CD"s without putting the source to everything on the box, but to go
to the -releng current patch set, I do need to first get the sources for
all on the system.
My .02c
Brett Glass wrote:
>At 12:17 PM 4/18/2002, Jon Bergfeld wrote:
>
>
>>look, the existing process seems to work fine for everyone else
>>
>
>Acutally, it doesn't. And it really hurts evangelism and new
>adopters of FreeBSD.
>
><snip>
>
>As you can see from the above, FreeBSD doesn't have a simple answer
>to a simple, reasonable question: "How can I *just install* FreeBSD
>with all of the latest security fixes on a new machine, without
>walking off of a conceptual cliff?"
>
>We need to address this. Not only would it help newcomers; it would
>also help admins who just want to do a quick, no-hassle upgrade that
>includes the latest security fixes. We should NOT say, "the heck with
>them if they're not willing to learn all sorts of developer stuff on
>the spot." That's pointless elitism. And we shouldn't make it
>unreasonably hard for admins to update... or they might not do it.
>And then, when their systems are broken into, FreeBSD's reputation
>as a secure OS suffers.
>
>--Brett Glass
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
[-- Attachment #2 --]
<html>
<head>
</head>
<body>
I'd just like to second this.<br>
<br>
I've managed unix systems for quite a few years, all solaris and AIX until
recently when I started moving one production class of servers over to FreeBSD
(performance is a lot better for this function.)<br>
<br>
My biggest confusion in moving to FreeBSD was the CVSup process, and how
to get a currently patched stable image. (Not that it is that difficult,
but it is not intuitive, and there was no page in the FreeBSD handbook saying
"To ensure your system has the current patchset, and the most stable code
as of this date, do this... If you dont trust the latest stable code, you
can get patchlevel Y by doing this...")<br>
<br>
Also, it is, in my opinion, unfortunate that I can install a system from
the CD"s without putting the source to everything on the box, but to go to
the -releng current patch set, I do need to first get the sources for all
on the system.<br>
<br>
My .02c<br>
<br>
<br>
Brett Glass wrote:<br>
<blockquote type="cite" cite="mid:4.3.2.7.2.20020418135706.02192c60@nospam.lariat.org">
<pre wrap="">At 12:17 PM 4/18/2002, Jon Bergfeld wrote:<br> <br></pre>
<blockquote type="cite">
<pre wrap="">look, the existing process seems to work fine for everyone else<br></pre>
</blockquote>
<pre wrap=""><!----><br>Acutally, it doesn't. And it really hurts evangelism and new<br>adopters of FreeBSD.<br><br><snip><br><br>As you can see from the above, FreeBSD doesn't have a simple answer<br>to a simple, reasonable question: "How can I *just install* FreeBSD<br>with all of the latest security fixes on a new machine, without<br>walking off of a conceptual cliff?"<br><br>We need to address this. Not only would it help newcomers; it would<br>also help admins who just want to do a quick, no-hassle upgrade that<br>includes the latest security fixes. We should NOT say, "the heck with <br>them if they're not willing to learn all sorts of developer stuff on <br>the spot." That's pointless elitism. And we shouldn't make it<br>unreasonably hard for admins to update... or they might not do it.<br>And then, when their systems are broken into, FreeBSD's reputation <br>as a secure OS suffers.<br><br>--Brett Glass<br><br><br>To Unsubscribe: send mail to <a class="moz-tx
t-link-abbreviated" href="mailto:majordomo@FreeBSD.org">majordomo@FreeBSD.org</a><br>with "unsubscribe freebsd-security" in the body of the message<br></pre>
</blockquote>
<br>
</body>
</html>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CBF43E7.9080509>