Date:      Fri, 19 Apr 2002 09:29:13 -0600
From:      Brett Glass <brett@lariat.org>
To:        Doug Barton <DougB@FreeBSD.org>
Cc:        security@FreeBSD.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
Message-ID:  <4.3.2.7.2.20020419090903.023f0590@nospam.lariat.org>
In-Reply-To: <20020418180158.D8772-100000@zoot.corp.yahoo.com>
References:  <4.3.2.7.2.20020418143231.021d6840@nospam.lariat.org>

At 07:07 PM 4/18/2002, Doug Barton wrote:

>        I think everyone agrees that you have problems Brett. 

Being insulting doesn't further the discussion.

>> It's not a "favorite hobby horse" but rather a longstanding issue.
>> Why not work to solve the problem?
>
>        The typical FreeBSD answer is, "Since YOU think it's a problem,
>why don't YOU work to solve it?" 

I am -- by putting up with invectives such as the ones you've
hurled at me in recent messages. Putting up a specific build on
the FTP server and mirrors is not something I can physically do,
but I can demonstrate the need and the benefits that will come
from it. As with the "High" security option in the current 
FreeBSD install (which I was also flamed for suggesting on the
lists. It's amazing how any new idea, good or bad, is answered
with flames by some people).

>However, since to my knowledge your
>record of never actually contributing a line of code to the project
>remains unblemished, 

I've actually had code in FreeBSD since 1995 or so. Mostly small
stuff, and all contributed through others because I'm not a
committer. But some of it is important.... Such as the recent changes 
to syslogd that allow automatic monitoring. (These were featured in 
my paper at the first Usenix BSDCon.)

>        I also think that the new RELENG_N_N idea 

I see; it's "the" new RELENG_N_N idea, not mine. Can't give me
credit for anything, can you? ;-)

>is a good one, and it
>may do your heart good to know that I took your point about not being able
>to easily ascertain how many patches have been applied to a particular
>point in that branch up with the release engineers just now. I agree that
>it's valid, and should be easy to fix with newvers.sh, if it's not already
>fixed (I haven't been following developments on that stuff too closely).

It's a start. But we also need to make the security branch the one that
new users get, by default, when they visit the FreeBSD Web site, get
floppy images, and download via the Net. It would also be exceedingly
useful to post -- prominently -- a patch that upgrades buyers of the 
last release on CD to the same build, and to display a message at the end
of sysinstall directing users to the page where it's located. This way, 
every new install will be as secure as we currently know how to make it. 
This is not only good publicity; if you believe (as I do) that it's 
unethical to knowingly give someone an insecure version to install when 
a secure one is readily available, it's just good ethics. Other 
benefits, such as giving admins a version to which they can upgrade 
quickly, would also arise from this. It's a total win.

--Brett





