From owner-freebsd-security@FreeBSD.ORG Tue Oct 11 16:31:26 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F6D816A41F for ; Tue, 11 Oct 2005 16:31:26 +0000 (GMT) (envelope-from jimmy@inet-solutions.be) Received: from mail.ihosting.be (vero.ihosting.be [83.217.81.43]) by mx1.FreeBSD.org (Postfix) with SMTP id C83F243D45 for ; Tue, 11 Oct 2005 16:31:25 +0000 (GMT) (envelope-from jimmy@inet-solutions.be) Received: (qmail 28526 invoked by uid 1033); 11 Oct 2005 16:37:00 -0000 Received: from jimmy@inet-solutions.be by excalibur.hyprotech.be by uid 1016 with qmail-scanner-1.20st (clamscan: 0.75. spamassassin: 2.63. Clear:RC:1(127.0.0.1):. Processed in 0.010176 secs); 11 Oct 2005 16:37:00 -0000 Received: from localhost (HELO vero.ihosting.be) (127.0.0.1) by mail.ihosting.be with SMTP; 11 Oct 2005 16:37:00 -0000 Received: (from jimmy@inet-solutions.be) by vero.ihosting.be (mini_sendmail/1.3.5 16nov2003); Tue, 11 Oct 2005 18:37:00 CEST (sender jimmy@inet-solutions.be by using webserver vero.ihosting.be path /www/ihosting/horde.ihosting.be/imp - report abuse to abuse@boxke.be) Received: from d515281EE.access.telenet.be (d515281EE.access.telenet.be [81.82.129.238]) by webmail.boxke.be (IMP) with HTTP for ; Tue, 11 Oct 2005 18:37:00 +0200 Message-ID: <1129048620.434bea2c6b7ab@webmail.boxke.be> Date: Tue, 11 Oct 2005 18:37:00 +0200 From: jimmy@inet-solutions.be To: jere References: <200510111202.j9BC2obf081876@freefall.freebsd.org> <1129036481.434bbac1720a6@webmail.boxke.be> <434BBF09.6040101@htnet.hr> In-Reply-To: <434BBF09.6040101@htnet.hr> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.3 X-Originating-IP: 81.82.129.238 Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 16:31:26 -0000 > jimmy@inet-solutions.be wrote: > > Quoting FreeBSD Security Advisories : > > > > > >>============================================================================= > >>FreeBSD-SA-05:21.openssl Security > Advisory > >> The FreeBSD > Project > > > > [..] > > > >>c) Recompile the operating system as described in > >> >>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > > > > > > Is there any reason why one would need to compile the whole operating > system? > > I can understand that static linked apps need to be recompiled, but which > > are there actually any at all (and linked against openssl)? > > > > Kind regards, > > Jimmy Scott > > > > ---------------------------------------------------------------- > > This message has been sent through ihosting.be > > To report spamming or other unaccepted behavior > > by a iHosting customer, please send a message > > to abuse@ihosting.be > > ---------------------------------------------------------------- > > _______________________________________________ > > freebsd-security@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > > Quoting jere : > unfortunately, this is the dark side of FreeBSD security patch > management :) and I think also the main reason FreeBSD isn't so widely > deployed into enterprise environments. It's ok for hacking or managing > few boxes but try to imagine how to manage security on hundreds of them > this way. :( > > on the other side (bright side :) you can try to use unofficial and > often somewhat slowly updating solutions such as bsdupdate > (www.bsdupdates.com) or freebsd-update (from ports tree). > > currently, FreeBSD just don't have a mechanism to handle security > advisories in quick way. > > any suggestions/corrections ? > > j. > What I meant was: "why compile everything instead of just openssl" I'm thinking about this question since the last openssl issue in FreeBSD. ---------------------------------------------------------------- This message has been sent through ihosting.be To report spamming or other unaccepted behavior by a iHosting customer, please send a message to abuse@ihosting.be ----------------------------------------------------------------