From owner-freebsd-security@FreeBSD.ORG Tue Nov 1 08:55:08 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 347A116A41F for ; Tue, 1 Nov 2005 08:55:08 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4D4A43D46 for ; Tue, 1 Nov 2005 08:55:07 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd2mr5so.prod.shaw.ca (pd2mr5so-qfe3.prod.shaw.ca [10.0.141.8]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IP9009L9Q3ULG50@l-daemon> for freebsd-security@freebsd.org; Tue, 01 Nov 2005 01:55:06 -0700 (MST) Received: from pn2ml9so.prod.shaw.ca ([10.0.121.7]) by pd2mr5so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IP9005Q7Q3UK3A0@pd2mr5so.prod.shaw.ca> for freebsd-security@freebsd.org; Tue, 01 Nov 2005 01:55:06 -0700 (MST) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IP900C4EQ3TSY@l-daemon> for freebsd-security@freebsd.org; Tue, 01 Nov 2005 01:55:06 -0700 (MST) Date: Tue, 01 Nov 2005 00:55:05 -0800 From: Colin Percival In-reply-to: <200510311625.46334.suporte@wahtec.com.br> To: suporte@wahtec.com.br Message-id: <43672D69.2000208@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.93.0.0 References: <20051030120107.CD5CF16A422@hub.freebsd.org> <200510311625.46334.suporte@wahtec.com.br> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org Subject: Re: More on freebsd-update (WAS: Is the server portion of freebsd-update open source?) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2005 08:55:08 -0000 suporte@wahtec.com.br wrote: > 1- if and when freebsd-update will be the official freebsd system binary > update? Like, when it will be part of freebsd structure, with a dedicated > server and stuff? ... It's far better then updating by cvs. FreeBSD Update is now semi-officially supported, in the sense that I make sure that it works but the rest of the security team isn't involved. As I mentioned earlier, I'm planning on rewriting the build code to make it far simpler and more reliable; this will make it possible for someone else to take over if I get hit by a bus, at which point FreeBSD Update will become officially supported. :-) > 2- for future plans, is there any possibility to customize or add some > features to kernels on official freebsd-update server? IPSEC is quite > important on security. Since there isn't a LKM to use IPSEC (correct me if > I'm wrong), when someone compiles the kernel to add it, he looses the > freebsd-update kernel update. Right now I provide prebuilt GENERIC and SMP kernels; I could build some other kernel configurations, but there's obviously a limit to what is practical. After I rewrite the build code I'll have to consult with the release engineering team and the user community about which kernels would be most useful. Colin Percival