Date: Fri, 24 Jul 1998 11:39:23 +0200 From: Eivind Eklund <eivind@yes.no> To: John Fieber <jfieber@indiana.edu>, Jay Tribick <netadmin@fastnet.co.uk> Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: Projects to improve security (automagic patching) Message-ID: <19980724113923.54830@follo.net> In-Reply-To: <Pine.BSF.3.96.980722124137.25546P-100000@fallout.campusview.indiana.edu>; from John Fieber on Wed, Jul 22, 1998 at 01:07:36PM -0500 References: <Pine.BSF.3.96.980722093203.1949L-100000@bofh.fast.net.uk> <Pine.BSF.3.96.980722124137.25546P-100000@fallout.campusview.indiana.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 22, 1998 at 01:07:36PM -0500, John Fieber wrote: > Band-aid delivery is trivial, in a relative way. Bandaid > manufacture and automated band-aid application are minefields > waiting to blow someone up. Automated patch application may be > complex enough that reliability and correctness are hard to > guarantee. In the end, managing the "automated" system may be > just as labor intensive and error prone as the old fashioned > method of paying attention to BUGTRAQ and rootshell.com. IMO: You don't transfer source patches, you transfer binary patches. These are relative to a very specific set of files: The exact binaries we distribute as part of the last release. If somebody has patched relative to this, then assume they know what they're doing and drop the patch in the bit-bucket (with a notification to the admin indicating that this has happened, of course). Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980724113923.54830>