Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 17 Dec 2005 23:35:34 +0100
From:      =?ISO-8859-1?Q?K=F6vesd=E1n_G=E1bor?= <gabor.kovesdan@t-hosting.hu>
To:        Wilko Bulte <wb@freebie.xs4all.nl>
Cc:        Joe Rhett <jrhett@svcolo.com>, stable@freebsd.org, current <current@freebsd.org>
Subject:   Re: HEADS UP: Release schedule for 2006
Message-ID:  <43A492B6.6050305@t-hosting.hu>
In-Reply-To: <20051217220807.GA28741@freebie.xs4all.nl>
References:  <43A266E5.3080103@samsco.org> <20051217215434.GB92180@svcolo.com> <20051217220807.GA28741@freebie.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
Wilko Bulte wrote:

>On Sat, Dec 17, 2005 at 01:54:34PM -0800, Joe Rhett wrote..
>  
>
>>On Fri, Dec 16, 2005 at 12:04:05AM -0700, Scott Long wrote:
>>    
>>
>>>There will be three FreeBSD 6 releases in 2006.
>>>      
>>>
>>While this is nice, may I suggest that it is time to put aside/delay one
>>release cycle and come up with a binary update mechanism supported well by
>>the OS?  Increasing the speed of releases is good.  Increasing the number
>>of deployed systems out of date because there are no easy binary upgrade
>>mechanisms is bad.
>>
>>It has been bad, it's getting worse.
>>    
>>
>
>So, when will you fix it?  Or hire someone to fix it?  FreeBSD after
>all is mostly a volunteer operation.
>
>  
>
I agree. And after all, tracking a security branch isn't too difficult, 
but the most people think that they have to do a complete "make 
buildworld" after a security advisory, but this isn't true. For example 
there was that cvsbug issue in September:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
One can read here:

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs/cvsbug
# make obj && make depend && make && make install
# cd /usr/src/gnu/usr.bin/send-pr
# make obj && make depend && make && make install

Is that difficult? I don't think so. No reboot required and it doesn't 
take more than 5 minutes even on a slower machine. Only the 
vulnerabilities in the kernel are problematic for servers, since they 
require a reboot. I think I'll submit a PR with a patch to clarify this 
in Handbook. Do you consider this useful?

Regards,

Gabor Kovesdan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43A492B6.6050305>