From owner-freebsd-security  Wed Nov 28 14:57:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from roble.com (mx0.roble.com [206.40.34.14])
	by hub.freebsd.org (Postfix) with ESMTP id 2BB2037B405
	for <security@FreeBSD.ORG>; Wed, 28 Nov 2001 14:57:18 -0800 (PST)
Received: from localhost (marquis@localhost)
	by roble.com  with ESMTP id fASMvI412986
	for <security@FreeBSD.ORG>; Wed, 28 Nov 2001 14:57:18 -0800 (PST)
Date: Wed, 28 Nov 2001 14:57:17 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: <security@FreeBSD.ORG>
Subject: Re: Updating ssh
In-Reply-To: <bulk.98822.20011128142725@hub.freebsd.org>
Message-ID: <20011128143641.X12621-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Brett Glass wrote:
> This reflects a common problem in FreeBSD. When you install a port or
> compile a newer version of an application which is included in the base
> install, it usually goes into /usr/local, so the system keeps on using
> the old version (which is ahead of the newer one in the path).

This problem has bit us more than a few times.  It's also one of
the things that keeps FreeBSD from gaining market share in large
and high-security networks.  If FreeBSD QA implemented the KIS
principle there would be a single official location for every file
and no duplicates anywhere on the system.

The root of the problem is that few FreeBSD developers have extensive
systems administration experience and few FreeBSD sysadmins have
a background in large site configuration management.  Seems to be
an inevitable weakness of cutting-edge OSs.

> Perhaps FreeBSD should put these things in /usr/local from the get-go?

Either that or configure ports to put things where they already
are.  I'd vote for the latter as it fosters compatibility across
versions, architectures and OSs and doesn't conflict with NFS sites
that mount /usr/local from a fileserver.

Unfortunately most FreeBSD installations are not multi-user, don't
run NIS or NFS, aren't part of a large installation, and most
FreeBSD ports are designed accordingly.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message