Date: Mon, 17 Jun 2002 23:31:08 -0700
From: Kameron Gasso <kgasso@blort.org>
To: Brett Glass <brett@lariat.org>
Cc: security@freebsd.org
Subject: Re: CDs with patched Apache?
Message-ID: <20020617233108.A84129@blort.org>
In-Reply-To: <200206180539.XAA26264@lariat.org>; from brett@lariat.org on Mon, Jun 17, 2002 at 11:39:49PM -0600
References: <200206180539.XAA26264@lariat.org>

* At 22:40PDT on 06/17/2002, Brett Glass <brett@lariat.org> wrote:
> Since Apache is one of the most commonly installed ports, disc vendors should
> strongly consider mastering their discs with a patched Apache. What's the
> status of the CDs and DVDs from various vendors? Will it be possible for them
> to "stop press" and do this?

Wasn't the fact that -RELEASE branches don't get updated with new packages
already discussed extensively in the not-so-distant past?

Although it wouldn't be very glamorous (and I certainly wouldn't recommend
it), the port installed with the latest -RELEASE could be "broken" so it
wouldn't download and install without someone forcing it. Still, this wouldn't
really encourage them to upgrade their ports tree - it'd more than likely just
cause much swearing and force people to work around the problem.

Long story short, no OS can keep an inexperienced admin from opening it up to
security vulnerabilities... This is just another case of bad timing. Not a lot
that can be done.

Shouldn't we just follow the same precedence set from prior security issues
which were installable from the base system (BIND, OpenSSH, etc.)?

Regards,
--
Kameron Gasso <kgasso@blort.org>
PGP key at http://blort.org/~kgasso/pgpkey.txt
