From owner-freebsd-security Fri Apr 19 17:26:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with SMTP id 65AB537B47B for ; Fri, 19 Apr 2002 17:26:09 -0700 (PDT) Received: (qmail 88481 invoked by uid 1000); 20 Apr 2002 00:26:30 -0000 Date: Sat, 20 Apr 2002 02:26:30 +0200 From: "Karsten W. Rohrbach" To: Brett Glass Cc: Doug Barton , security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020420022630.C88054@mail.webmonster.de> Mail-Followup-To: "Karsten W. Rohrbach" , Brett Glass , Doug Barton , security@FreeBSD.ORG References: <20020419221445.B84400@mail.webmonster.de> <20020419145828.K17023-100000@zoot.corp.yahoo.com> <4.3.2.7.2.20020419161047.0360e970@nospam.lariat.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="jy6Sn24JjFx/iggw" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20020419161047.0360e970@nospam.lariat.org>; from brett@lariat.org on Fri, Apr 19, 2002 at 04:12:33PM -0600 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer X-Work-URL: http://www.ngenn.net/ X-Work-Address: nGENn GmbH, Schloss Kransberg, D-61250 Usingen-Kransberg, Germany X-Work-Phone: +49-6081-682-304 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --jy6Sn24JjFx/iggw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Brett Glass(brett@lariat.org)@2002.04.19 16:12:33 +0000: > At 04:07 PM 4/19/2002, Doug Barton wrote: >=20 > >I long ago forgot what it was like to be a new > >FreeBSD user,=20 >=20 > This is part of the problem here. We should care a lot about > newcomers' experience, and respect the fact that no matter > how bright they are they cannot learn everything at once. > Expecting a new user to master CVSup is unreasonable. brett,=20 i'm sorry, but reading this thread made me think about the days when i started using freebsd and set up my first server. after being left alone at a root user prompt "# " i learned how to configure the stuff in /etc, that docs are in /usr/share/doc, how to install packages, and then how to cvsup (for building upt to date versions out of the ports tree). in my personal opinion, i find the RPM or binary-only distribution mechanism very dangerous for users, because it is mainly the microsoft approach to hide software complexity behind an interface the user has to trust. i personally do not trust binary package systems (although i am forced to use them sometimes), nor do i blindly trust the ports tree. yes, i mean i _read_ the make files and view the output of the make process before installing a port the first time on one box. then i make a package out of it. that's all personal preference, yes. IMVHO, what would be a good thing[tm] for the source dist (/usr/src) is a Changelog file, containing the history of major fixes/enhancements to the currently installed sources. it would be very easy to write a little wrapper that saves /usr/src/Changelog (or maybe even a whole hierarchy of subsystem Changelogs) to a backup and then diffs out the changes after the update completed. this gives at least some overview about what has changed and where to look for potential breakage. it would be very good, if some of the committers could comment on that. regards, /k --=20 > It's not that perl programmers are idiots, it's that the language rewards > idiotic behavior in a way that no other language or tool has ever done.= =20 > --Erik Naggum=20 KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --jy6Sn24JjFx/iggw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8wLW1M0BPTilkv0YRAl3jAJ9fJ5Sk8a6cspaWQ1zL999UK5amowCcD5G/ PyZoL5PZ2sIdiJDss/LJi1w= =za7G -----END PGP SIGNATURE----- --jy6Sn24JjFx/iggw-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message