Date: Mon, 17 Jun 2002 23:31:08 -0700
From: Kameron Gasso <kgasso@blort.org>
To: Brett Glass <brett@lariat.org>
Cc: security@freebsd.org
Subject: Re: CDs with patched Apache?
Message-ID: <20020617233108.A84129@blort.org>
In-Reply-To: <200206180539.XAA26264@lariat.org>; from brett@lariat.org on Mon, Jun 17, 2002 at 11:39:49PM -0600
References: <200206180539.XAA26264@lariat.org>

* At 22:40PDT on 06/17/2002, Brett Glass <brett@lariat.org> wrote:
> Since Apache is one of the most commonly installed ports, disc vendors should
> strongly consider mastering their discs with a patched Apache. What's the
> status of the CDs and DVDs from various vendors? Will it be possible for them
> to "stop press" and do this?

Wasn't the fact that -RELEASE branches don't get updated with new packages already discussed extensively in the not-so-distant past?

Although it wouldn't be very glamorous (and I certainly wouldn't recommend it), the port installed with the latest -RELEASE could be "broken" so it wouldn't download and install without someone forcing it. Still, this wouldn't really encourage them to upgrade their ports tree - it'd more than likely just cause much swearing and force people to work around the problem.

Long story short, no OS can keep an inexperienced admin from opening it up to security vulnerabilities...

This is just another case of bad timing. Not a lot that can be done. Shouldn't we just follow the same precedence set from prior security issues which were installable from the base system (BIND, OpenSSH, etc.)?

Regards,
--
Kameron Gasso <kgasso@blort.org>
PGP key at http://blort.org/~kgasso/pgpkey.txt