From owner-freebsd-security  Fri Jun 18 12:11:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP id 5C8531522B
	for <security@FreeBSD.ORG>; Fri, 18 Jun 1999 12:11:42 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT]))
	id MAA27478; Fri, 18 Jun 1999 12:07:48 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id MAA06410; Fri, 18 Jun 1999 12:07:49 -0700
Received: from softweyr.com (dyn2.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
	id AA11923; Fri, 18 Jun 99 12:07:47 PDT
Message-Id: <376A9902.6E5094CD@softweyr.com>
Date: Fri, 18 Jun 1999 13:07:46 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Brendan Conoboy <synk@swcp.com>
Cc: jgreco@ns.sol.net, security@FreeBSD.ORG
Subject: Re: make world clobbers (was Re: some nice advice...)
References: <199906180511.XAA15842@kitsune.swcp.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brendan Conoboy wrote:
> 
> > By definition, one isn't too interested in running "make world" on an
> > application-server-platform class machine.  You're looking for a platform
> > on which to run some application, and about the only thing you'll ever
> > need to patch would be the kernel.  Anything else (bugs in userland) is
> > merely an annoyance that you can live with because you didn't need any of
> > that stuff anyways.  And if you _do_ need to upgrade, you'll do it from
> > a binary distribution, not from source, because you can't really afford
> > to have your application server offline for the unnecessary luxury of
> > building the world.
> 
> Er, don't you upgrade from source when there's a security problem in
> userland but no new binary distribution?  I do.

Good grief, no!  *IF* the bug is in a service that you are using,
you update the source, build and test the new service on an off-line
workstation or server, and when you're certain the changes are 
reliable, move the new binaries to the target server.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message