Date: Wed, 17 Sep 2003 20:40:08 -0700 From: "Bruce A. Mah" <bmah@freebsd.org> To: Nielsen <nielsen@memberwebs.com> Cc: freebsd-security@freebsd.org Subject: Re: ftp.freebsd.org out of date? (WRT security advisories) Message-ID: <200309180340.h8I3e8Hl042756@intruder.kitchenlab.org> In-Reply-To: <3F68FE17.5050700@memberwebs.com> References: <3F68FE17.5050700@memberwebs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_591933040P Content-Type: text/plain; charset=us-ascii If memory serves me right, Nielsen wrote: > It seems (at least for me) the patches on ftp.freebsd.org are out of > date for the 03:12 security advisory (openssh). ftp2.freebsd.org has > them fine. > > I'm wondering if this is a mirror issue or perhaps round-robin DNS problem? > > What compounds the issue is that right now the old openssh 3.7 patches > are there (on ftp.freebsd.org), but not the 3.7.1 patches (which can be > found on ftp2.freebsd.org). This could conceivably cause someone to miss > a patch. As I understand the problem, it has to do with the updating cycles of the mirrors (both ftp.freebsd.org machines get their content in much the same way as any of the other top-level mirrors). By sheer luck, it might be possible that ftp.freebsd.org might sychronize later than the other mirrors. There's other factors, such as the periodicity of updating, that also come into play. I'm not sure what's a good solution to this. I know that security-team is aware of the problem, in fact it came up in the security-officer BoF at BSDCon. (One possibility might be to put the advisories on the Web site and force an update immediately after an advisory is issued. I do this during the late stages of a release cycle to push out the release announcements and release notes. The problem with this, however, is that everyone is conditioned to look to the FTP sites for advisories.) Bruce. --==_Exmh_591933040P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) Comment: Exmh version 2.5+ 20020506 iD8DBQE/aSkY2MoxcVugUsMRAk6xAJwJhMT3iwgAp23/KX4UZ5nqMAsbJgCg/0k2 sZJA9eEVILjJ2GYgOBFtdwU= =J2qE -----END PGP SIGNATURE----- --==_Exmh_591933040P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309180340.h8I3e8Hl042756>