From owner-freebsd-security Thu Apr 18 19:24:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id C544637B416 for ; Thu, 18 Apr 2002 19:24:46 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 10D184DE2; Thu, 18 Apr 2002 21:24:46 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3J2Ojf01594; Thu, 18 Apr 2002 21:24:45 -0500 (CDT) (envelope-from hawkeyd) Date: Thu, 18 Apr 2002 21:24:45 -0500 From: D J Hawkey Jr To: Brett Glass Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020418212445.A1577@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <4.3.2.7.2.20020418141843.021d1540_nospam.lariat.org@ns.sol.net> <20020418182218.GA35672_peitho.fxp.org@ns.sol.net> <4.3.2.7.2.20020418141843.021d1540_nospam.lariat.org@ns.sol.net> <200204190149.g3J1nOb01496@sheol.localdomain> <4.3.2.7.2.20020418200936.023fedd0@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <4.3.2.7.2.20020418200936.023fedd0@nospam.lariat.org>; from brett@lariat.org on Thu, Apr 18, 2002 at 08:12:47PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Apr 18, at 08:12 PM, Brett Glass wrote: > > At 07:49 PM 4/18/2002, D J Hawkey Jr wrote: > > >OK, I believe it was mentioned already, but was rather glossed over: > > > >For any one "snapshot", be it a major.minor-RELEASE, or -RELEASE-pN, > >have you - or anyone - any idea just how many snapshots would be required? > > One. > > >Some systems are IDE/ATAPI, others are SCSI, some are both, and some are > >RAID. You want a snapshot kernel supporting all that, if yours is just > >an internet gateway? What're the possible permutations of supported DASD? > > I'm afraid I don't understand. What are you talking about? > > >What are the possible permutations of NICs? > > > >What of optimizations for particular CPUs? > > > >So, how many kernels should be "snaphot"d? And who's to make that call? > > You obviously misunderstand what we've been referring to when we use > the word "snapshot." A "snapshot," in this context, is a build of FreeBSD > from a particular day's sources. No, I think I do understand. Would not that "snapshot" include the kernel? If so, what would you like that kernel to be configured as when the snapshot is taken? Do you think it'd be the same requirements as that of the majority of others? Even a large minority? How about a small majority? The kernel not withstanding, what about CPU capabilities? What if the OS was built with code that uses SSE, but your CPU doesn't support SSE? This pro'lly isn't a reality [right now], but you get my drift, don't you? Would you really want an OS built for the lowest common denominator as the one you install on your production servers, much less your desktop? > --Brett Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message