From owner-freebsd-security  Thu Jul 26  6:19:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from APastourelles-102-1-2-26.abo.wanadoo.fr (APastourelles-102-1-2-26.abo.wanadoo.fr [217.128.208.26])
	by hub.freebsd.org (Postfix) with ESMTP id 1D21337B401
	for <freebsd-security@freebsd.org>; Thu, 26 Jul 2001 06:19:50 -0700 (PDT)
	(envelope-from olive@deep-ocean.net)
Received: by APastourelles-102-1-2-26.abo.wanadoo.fr (Postfix, from userid 1001)
	id F342D2556E; Thu, 26 Jul 2001 15:19:48 +0200 (CEST)
Date: Thu, 26 Jul 2001 15:19:48 +0200
From: Olivier Cortes <olive@deep-ocean.net>
To: freebsd-security@freebsd.org
Subject: Re: Re: [Q] distribution of patched binaries for security fixes.
Message-ID: <20010726151948.A95770@APastourelles-102-1-2-26.abo.wa>
Mail-Followup-To: Olivier Cortes <olive@deep-ocean.net>,
	freebsd-security@freebsd.org
References: <OF4DA81783.35F31A25-ON48256A95.003A491A@allsolutions.com.au> <20010726043657.B42611@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010726043657.B42611@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Jul 26, 2001 at 04:36:57AM -0700
X-Operating-System: FreeBSD 4.3-RC i386 up 7 days, 10:35, 1 user, load averages: 0.14, 0.25, 0.17
Organization: Deep-Ocean Network
X-URL: http://www.deep-ocean.net/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Jul 26, 2001 at 04:36:57AM -0700, Kris Kennaway wrote:
> There are any number of tools you can use to distribute files: tar +
> scp, rsync, cvsup, 'make release' to make a full installation mirror,
> etc.  If you want to automate the installation further you could
> create your own packages using pkg_create: this is very easy to do if
> you use the ports framework.


Here i make heavy use of rsync + scp tu update my web sites mirror.
i didn't thought about it to sync my systems...

saying that every BSD machine is in securelevel 2 with
[/usr]/[s]bin[/*] chflaged to schg, do you think that "pkg_create" is a
better solution than make world on every one ? (i've got 4 FreeBSD
4.3-STABLE).

[i remember some persons didn't agree with this protection method. do
you have any URL to point me to in order to discuss this subject
(again ?)]

with pkg_create, do i pack the binaries ? do i pack everything in the
dirs mentioned before ? how to trace only the changed binaries (the
cvsup log ?) ? 

which method do you prefer ? (for now i make world everywhere...) is
there any URL or doc where some of them are already discussed (in
order not to spend your time on it) ?

regards,

---
Olivier Cortes
free software admin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message