From owner-freebsd-security Thu Apr 18 18:17:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 145F237B405 for ; Thu, 18 Apr 2002 18:16:54 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id TAA02347; Thu, 18 Apr 2002 19:16:48 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3J1GlR35890; Thu, 18 Apr 2002 19:16:47 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15551.28671.448890.421578@caddis.yogotech.com> Date: Thu, 18 Apr 2002 19:16:47 -0600 To: Benjamin Krueger Cc: "Karsten W. Rohrbach" , Jeff Palmer , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip In-Reply-To: <20020418171454.E23267@rain.macguire.net> References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org> <200204171923.g3HJNga58899@freefall.freebsd.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <012901c1e725$da237e90$0286a8c0@jeffrey> <20020418154338.D23267@rain.macguire.net> <20020419014351.M60925@mail.webmonster.de> <20020418171454.E23267@rain.macguire.net> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > > Like it or not, Brett has raised a concern which is entirely valid and echoed > > > by many system administrators. ( I have a feeling the number is not small ) > > > > but you are missing the point that _administrators_ have the option (and > > the knowledge) to upgrade from source, using a builder system, just like > > most freebsd admins with larger installations do. > > Indeed they do. Doing this for 1000 individual servers, even when > scripted, is an incredible task, and not very feasible. Doing *anything* to 1000 individual servers running ANY OS is an incredible tasks, regardless of what is being done. Why is FreeBSD being singled out here? > Quite a few shops do have the luxery of being able to maintain and release > internal builds. Quite a few more do not. Either way, its still a good > opportunity for someone who can. =) Any shop that has a significant # of servers that I've worked with takes the time to do internal builds using a standard set of hardware. Otherwise, you spend more time chasing your tail than in solving problems. (Again, this issue is orthogonal to the issue of which hardware/software is being used). Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message