From owner-freebsd-security  Fri Jul 24 02:40:06 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA29439
          for freebsd-security-outgoing; Fri, 24 Jul 1998 02:40:06 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29360
          for <security@FreeBSD.ORG>; Fri, 24 Jul 1998 02:39:52 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id JAA09367;
	Fri, 24 Jul 1998 09:39:25 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id LAA11283;
	Fri, 24 Jul 1998 11:39:24 +0200 (MET DST)
Message-ID: <19980724113923.54830@follo.net>
Date: Fri, 24 Jul 1998 11:39:23 +0200
From: Eivind Eklund <eivind@yes.no>
To: John Fieber <jfieber@indiana.edu>, Jay Tribick <netadmin@fastnet.co.uk>
Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: Projects to improve security (automagic patching)
References: <Pine.BSF.3.96.980722093203.1949L-100000@bofh.fast.net.uk> <Pine.BSF.3.96.980722124137.25546P-100000@fallout.campusview.indiana.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <Pine.BSF.3.96.980722124137.25546P-100000@fallout.campusview.indiana.edu>; from John Fieber on Wed, Jul 22, 1998 at 01:07:36PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Jul 22, 1998 at 01:07:36PM -0500, John Fieber wrote:
> Band-aid delivery is trivial, in a relative way.  Bandaid
> manufacture and automated band-aid application are minefields
> waiting to blow someone up.  Automated patch application may be
> complex enough that reliability and correctness are hard to
> guarantee.  In the end, managing the "automated" system may be
> just as labor intensive and error prone as the old fashioned
> method of paying attention to BUGTRAQ and rootshell.com. 

IMO: You don't transfer source patches, you transfer binary patches.
These are relative to a very specific set of files: The exact binaries
we distribute as part of the last release.  If somebody has patched
relative to this, then assume they know what they're doing and drop
the patch in the bit-bucket (with a notification to the admin
indicating that this has happened, of course).

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message