From owner-freebsd-security@FreeBSD.ORG  Sun Aug 19 21:12:53 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53])
	by hub.freebsd.org (Postfix) with ESMTP id 131FF106564A;
	Sun, 19 Aug 2012 21:12:53 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from opti.dougb.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id B59E714DA05;
	Sun, 19 Aug 2012 21:12:52 +0000 (UTC)
Message-ID: <503156D4.3020800@FreeBSD.org>
Date: Sun, 19 Aug 2012 14:12:52 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:14.0) Gecko/20120728 Thunderbird/14.0
MIME-Version: 1.0
To: Jilles Tjoelker <jilles@stack.nl>
References: <0B65D7562F9DA04FAC3F15C508BF67136B90E09E1F@ESESSCMS0355.eemea.ericsson.se>
	<001701cd7648$c2520350$46f609f0$@com>
	<5024f984.45ca320a.1838.4155SMTPIN_ADDED@mx.google.com>
	<CAC8HS2FU1hrbh_m4P6h+SpUAJREfCeynHPD3QnNx6XuzSb3T-g@mail.gmail.com>
	<86pq6xs0zb.fsf@ds4.des.no> <20120819123313.GA72985@stack.nl>
In-Reply-To: <20120819123313.GA72985@stack.nl>
X-Enigmail-Version: 1.4.3
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>,
	Roberto <robertot@redix.it>, "Simon L. B. Nielsen" <simon@FreeBSD.org>,
	freebsd-security@freebsd.org
Subject: Re: getting the running patch level
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2012 21:12:53 -0000

On 08/19/2012 05:33, Jilles Tjoelker wrote:
> I think the idea of having 'make installworld' create something is good,
> but we should not hard-code policy by writing the information into a
> file that may be shown to unauthenticated users (such as by getty).
> 
> A new file with a name=value format somewhat like /etc/lsb-release on
> Linux seems more appropriate. If the admin wants /etc/issue,
> /etc/rc.d/motd can create it.
> 
> The new file is not a configuration file and tools like mergemaster and
> freebsd-update must not bother the admin about it. If all files under
> /etc are considered "configuration files", then perhaps a different
> location is better.

The way that you avoid mergemaster dealing with a file is to avoid
installing it as part of the process that mergemaster uses to create the
temproot directory (you can see this easily enough in the script). If
the file doesn't end up in the temproot, mergemaster will have no
knowledge of it.

hth,

Doug

-- 

    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what
    I can do.
			-- Edward Everett Hale, (1822 - 1909)