From owner-freebsd-security Fri Jun 18 12:11:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 5C8531522B for ; Fri, 18 Jun 1999 12:11:42 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id MAA27478; Fri, 18 Jun 1999 12:07:48 -0700 (PDT) Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id MAA06410; Fri, 18 Jun 1999 12:07:49 -0700 Received: from softweyr.com (dyn2.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA11923; Fri, 18 Jun 99 12:07:47 PDT Message-Id: <376A9902.6E5094CD@softweyr.com> Date: Fri, 18 Jun 1999 13:07:46 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Brendan Conoboy Cc: jgreco@ns.sol.net, security@FreeBSD.ORG Subject: Re: make world clobbers (was Re: some nice advice...) References: <199906180511.XAA15842@kitsune.swcp.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brendan Conoboy wrote: > > > By definition, one isn't too interested in running "make world" on an > > application-server-platform class machine. You're looking for a platform > > on which to run some application, and about the only thing you'll ever > > need to patch would be the kernel. Anything else (bugs in userland) is > > merely an annoyance that you can live with because you didn't need any of > > that stuff anyways. And if you _do_ need to upgrade, you'll do it from > > a binary distribution, not from source, because you can't really afford > > to have your application server offline for the unnecessary luxury of > > building the world. > > Er, don't you upgrade from source when there's a security problem in > userland but no new binary distribution? I do. Good grief, no! *IF* the bug is in a service that you are using, you update the source, build and test the new service on an off-line workstation or server, and when you're certain the changes are reliable, move the new binaries to the target server. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message