From owner-freebsd-security@FreeBSD.ORG Wed Aug 22 11:49:47 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 66AC0106564A for ; Wed, 22 Aug 2012 11:49:47 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by mx1.freebsd.org (Postfix) with SMTP id CA7C18FC0C for ; Wed, 22 Aug 2012 11:49:46 +0000 (UTC) Received: (qmail invoked by alias); 22 Aug 2012 11:49:44 -0000 Received: from hu5.abaxx.de (EHLO [10.6.25.100]) [213.61.170.110] by mail.gmx.net (mp072) with SMTP; 22 Aug 2012 13:49:44 +0200 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX1+xcFwUF7mxdIzHl8s1RgLg0Cn8DdfiJbAtQb5/09 hT/AvjP7otRx3+ Message-ID: <5034C758.5060207@gmx.de> Date: Wed, 22 Aug 2012 13:49:44 +0200 From: olli hauer User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <20120821120031.9B0771065674@hub.freebsd.org> <20120821155622.A9FB5106566C@hub.freebsd.org> <5034C535.5060603@gmx.de> In-Reply-To: <5034C535.5060603@gmx.de> X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 Subject: Re: getting the running patch level X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Aug 2012 11:49:47 -0000 On 2012-08-22 13:40, olli hauer wrote: > On 2012-08-22 12:44, Adrian Penisoara wrote: >> Hello, >> >> On Tue, Aug 21, 2012 at 6:49 PM, Roger Marquis wrote: >>> Jilles Tjoelker wrote: >> [...] >>> >>> WRT writing a new file, something like /etc/bsd-release would be a good >>> choice following the principle of least surprise. Mergemaster can and >>> should ignore it (and motd, issue, ...). >>> >> >> I support the idea of using an /etc/*-release file to tag (and this >> makes me think about /var/db/freebsd-update/tag) the current release >> version details of the system (not only the kernel, but the whole >> installed system). This seems to be a popular choice among Linux >> distributions and thus ISV's should feel comfortable with the >> approach. >> >> Mergemaster and/or other updating mechanisms should update the file >> to reflect the reality after upgrades/updates. >> >> Now the format of the file would be also debatable: other vendors >> releasing derivative works from the main FreeBSD source tree (like >> FreeNAS, PC-BSD, etc.) will want to leave some marks as well. Should >> we retain only the vendor's release tag or should we have a multiple >> entries (for the original FreeBSD version and the vendor) ? Should we >> even think about multiple ${vendor}-release files or just bsd-release >> ? > > In case a new file will be used, I suggest using the cpe framework, > see http://cpe.mitre.org/specification/ > > Using a standard framework makes it easier to write platform > independent tools for example in visualization environments. s/visualization/virtualization/ > > sample /etc/system-release-cpe entry > cpe:/o:freebsd:8.3:ga:x64 ...