From owner-freebsd-security Wed Nov 28 14:57:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from roble.com (mx0.roble.com [206.40.34.14]) by hub.freebsd.org (Postfix) with ESMTP id 2BB2037B405 for ; Wed, 28 Nov 2001 14:57:18 -0800 (PST) Received: from localhost (marquis@localhost) by roble.com with ESMTP id fASMvI412986 for ; Wed, 28 Nov 2001 14:57:18 -0800 (PST) Date: Wed, 28 Nov 2001 14:57:17 -0800 (PST) From: Roger Marquis To: Subject: Re: Updating ssh In-Reply-To: Message-ID: <20011128143641.X12621-100000@roble.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett Glass wrote: > This reflects a common problem in FreeBSD. When you install a port or > compile a newer version of an application which is included in the base > install, it usually goes into /usr/local, so the system keeps on using > the old version (which is ahead of the newer one in the path). This problem has bit us more than a few times. It's also one of the things that keeps FreeBSD from gaining market share in large and high-security networks. If FreeBSD QA implemented the KIS principle there would be a single official location for every file and no duplicates anywhere on the system. The root of the problem is that few FreeBSD developers have extensive systems administration experience and few FreeBSD sysadmins have a background in large site configuration management. Seems to be an inevitable weakness of cutting-edge OSs. > Perhaps FreeBSD should put these things in /usr/local from the get-go? Either that or configure ports to put things where they already are. I'd vote for the latter as it fosters compatibility across versions, architectures and OSs and doesn't conflict with NFS sites that mount /usr/local from a fileserver. Unfortunately most FreeBSD installations are not multi-user, don't run NIS or NFS, aren't part of a large installation, and most FreeBSD ports are designed accordingly. -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message