Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Oct 1998 07:55:45 -0700
From:      bmah@CA.Sandia.GOV (Bruce A. Mah)
To:        Bob Boone <bboone@whro.org>
Cc:        "freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG>
Subject:   Re: 3.0 Questions 
Message-ID:  <199810201455.HAA22937@stennis.ca.sandia.gov>
In-Reply-To: Your message of "Tue, 20 Oct 1998 09:44:33 EDT." <362C93C1.C81CF9AB@whro.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1974079544P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Bob Boone wrote:

> This is the only FreeBSD list I receive, so I need to ask three
> questions.

Please don't take offense, but it looks to me like you really ought to be 
subscribed to freebsd-questions.  None of these questions relate to -stable.

>  I just built a new webserver Thursday last, from boot.flp/2.2.7, only
> to find 3.0 released on Friday.
> (1) Do I need / how do I get a "boot.flp" that will build 3.0 instead of
> 2.2.7, so I can nuke the Thursday build and start over??

You can grab a boot.flp image for 3.0 from ftp://ftp.freebsd.org/pub/FreeBSD/3.
0-RELEASE/floppies/boot.flp
but see below.

> (2)  Do I WANT to move to 3.0 -- is it stable/tested enough for the
> "brain trust" to feel comfortable with it for a low/moderate traffic
> webserver ??

IMHO, if you are asking the question, no.  From ftp://ftp.freebsd.org/pub/FreeB
SD/3.0-RELEASE/README.TXT

"This release is aimed primarily at early-adopters and the various
other folks who want to get on board with 3.0 and are willing to deal
with the various down-sides of a "dot-zero" release."

3.0 has some nice new features (SMP, CAM, etc.) but it sounds like in your 
situation they won't help you much.  You'll probably be better off with 
2.2.7-RELEASE (note that there will even be a 2.2.8-RELEASE later this year).

> (3)  I'm rebuilding THIS server because I was nuked thru the mail/buffer
> overflow hack, but I'm reading that it isn't just popper... that several
> pop3 and imap servers will break, and that only sendmail 8.9.1 with the
> 1a patch will stop it....  CAN I ADD the sendmail 8.9.1 without breaking
> something else ??? are there dependencies in 8.9.1 that either 2.2.7 or
> 3.0 won't support ????

sendmail 8.9.1a was released to help protect various mail clients that 
had/have problems with buffer overflows in their MIME processing code.  It has 
nothing to do with buffer overflows in various POP3 and IMAP servers.  Yes, 
you can compile and run sendmail 8.9.1a on 2.2.7-RELEASE and/or 3.0-RELEASE.  
2.2.7-RELEASE comes with sendmail-8.8.8 and 3.0-RELEASE comes with 
sendmail-8.9.1.

If you're concerned about the security of your FreeBSD box (and I think you 
should be) you'll probably also want to subscribe to freebsd-security.  The 
various buffer overflows in mail servers were discussed there (ad nauseum :-) 
).

Hope this helps,

Bruce.




--==_Exmh_1974079544P
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUBNiykcKjOOi0j7CY9AQFmjwP9F3OqeFHnvTraQ/9vpaLBdTEDEZ6e3z6i
+puYaRJ//HDoCWz/pyCmCFfbxHxO51azsIX3o75hDJHusw+bP1WlJRD2nSpBdNqd
niVV8ECs7JUX480EGzaOX+KCncNWqzYUD8X/s0mcw3aUy3w4b0muLKgNOFgkvy5w
/Al3kGtVWNM=
=ZizN
-----END PGP MESSAGE-----

--==_Exmh_1974079544P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810201455.HAA22937>