Date: Fri, 19 Apr 2002 14:18:14 -0700 (PDT)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
Message-ID: <20020419133825.B72826-100000@roble.com>

Greg Fortune wrote:
>First, anyone connected to the net who ever thinks that their box is ever
>"safe" needs a reality check.

Please try to keep the invective down. This thread has not been about subjective measures of safety. All agree that applying large amounts of new code cannot be as safe as applying specific patches with a minimum of new code.

>Pretty good assumption for a newcomer, eh?

You're joking (and forgot the smiley) I hope.

>Just because we're new to FreeBSD doesn't mean we're sheep. We all know
>where the sheep graze. Nobody ever told me that FreeBSD was easy. Nobody
>ever told me it was secure "out of the box".

If you have something to say about CVSup or the current method of applying patches or labeling releases then do contribute. Until then we can all do without diatribes like Greg's.

There certainly are many ways to improve FreeBSD and we should not require the submission of code or money in exchange for the privilege of pointing them out. If I knew how to get a better patch system implemented into FreeBSD I would.

What this thread makes clear, however, is that it's not about submitting improvements, it's about legacy methodology. The current majority of -security subscribers seem to be happy with CVSup and buildworld and unhappy with the prospect of learning anything different. As a result we're stuck with the status quo. That and the resultant small market share which forces most of us to use and support other operating systems in order to earn a living.

If you want a better FreeBSD just copy Solaris' patch system wholesale. There's no need to reinvent the wheel. The real problem, however, is cultural. Exactly how do you submit a new patch system over the objections of legacy developers?

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/