From owner-freebsd-security Thu Apr 18 17:22: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id A6F6737B416 for ; Thu, 18 Apr 2002 17:21:58 -0700 (PDT) Received: from hades.hell.gr (patr530-a203.otenet.gr [212.205.215.203]) by mailsrv.otenet.gr (8.12.2/8.12.2) with ESMTP id g3J0Lgrc017217; Fri, 19 Apr 2002 03:21:44 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.2/8.12.2) with ESMTP id g3J0Lf6M011748; Fri, 19 Apr 2002 03:21:41 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from charon@localhost) by hades.hell.gr (8.12.2/8.12.2/Submit) id g3J0LZQY011747; Fri, 19 Apr 2002 03:21:35 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Fri, 19 Apr 2002 03:21:34 +0300 From: Giorgos Keramidas To: Brett Glass Cc: David Wolfskill , schulte+freebsd@nospam.schulte.org, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020419002134.GA11682@hades.hell.gr> References: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2002-04-18 11:42, Brett Glass wrote: > At 10:18 AM 4/18/2002, David Wolfskill wrote: > > >If you have systems that are that important to you -- and I do, even > >here at home -- then acquire a machine to do the builds, and then use > >some method other than "build in place" to install the result. > > That's not sufficient to ensure that you didn't pick the wrong time > to take a snapshot. Production machines must run a known good > snapshot. Err, what ever happened to the old practice of building the snapshot on sufficiently `identical' machines and testing it there before deploying[0] it on production use? [0] I hate me already for using this word :) - Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message