Date: Tue, 20 Oct 1998 07:55:45 -0700 From: bmah@CA.Sandia.GOV (Bruce A. Mah) To: Bob Boone <bboone@whro.org> Cc: "freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG> Subject: Re: 3.0 Questions Message-ID: <199810201455.HAA22937@stennis.ca.sandia.gov> In-Reply-To: Your message of "Tue, 20 Oct 1998 09:44:33 EDT." <362C93C1.C81CF9AB@whro.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1974079544P Content-Type: text/plain; charset=us-ascii If memory serves me right, Bob Boone wrote: > This is the only FreeBSD list I receive, so I need to ask three > questions. Please don't take offense, but it looks to me like you really ought to be subscribed to freebsd-questions. None of these questions relate to -stable. > I just built a new webserver Thursday last, from boot.flp/2.2.7, only > to find 3.0 released on Friday. > (1) Do I need / how do I get a "boot.flp" that will build 3.0 instead of > 2.2.7, so I can nuke the Thursday build and start over?? You can grab a boot.flp image for 3.0 from ftp://ftp.freebsd.org/pub/FreeBSD/3. 0-RELEASE/floppies/boot.flp but see below. > (2) Do I WANT to move to 3.0 -- is it stable/tested enough for the > "brain trust" to feel comfortable with it for a low/moderate traffic > webserver ?? IMHO, if you are asking the question, no. From ftp://ftp.freebsd.org/pub/FreeB SD/3.0-RELEASE/README.TXT "This release is aimed primarily at early-adopters and the various other folks who want to get on board with 3.0 and are willing to deal with the various down-sides of a "dot-zero" release." 3.0 has some nice new features (SMP, CAM, etc.) but it sounds like in your situation they won't help you much. You'll probably be better off with 2.2.7-RELEASE (note that there will even be a 2.2.8-RELEASE later this year). > (3) I'm rebuilding THIS server because I was nuked thru the mail/buffer > overflow hack, but I'm reading that it isn't just popper... that several > pop3 and imap servers will break, and that only sendmail 8.9.1 with the > 1a patch will stop it.... CAN I ADD the sendmail 8.9.1 without breaking > something else ??? are there dependencies in 8.9.1 that either 2.2.7 or > 3.0 won't support ???? sendmail 8.9.1a was released to help protect various mail clients that had/have problems with buffer overflows in their MIME processing code. It has nothing to do with buffer overflows in various POP3 and IMAP servers. Yes, you can compile and run sendmail 8.9.1a on 2.2.7-RELEASE and/or 3.0-RELEASE. 2.2.7-RELEASE comes with sendmail-8.8.8 and 3.0-RELEASE comes with sendmail-8.9.1. If you're concerned about the security of your FreeBSD box (and I think you should be) you'll probably also want to subscribe to freebsd-security. The various buffer overflows in mail servers were discussed there (ad nauseum :-) ). Hope this helps, Bruce. --==_Exmh_1974079544P Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.2 iQCVAwUBNiykcKjOOi0j7CY9AQFmjwP9F3OqeFHnvTraQ/9vpaLBdTEDEZ6e3z6i +puYaRJ//HDoCWz/pyCmCFfbxHxO51azsIX3o75hDJHusw+bP1WlJRD2nSpBdNqd niVV8ECs7JUX480EGzaOX+KCncNWqzYUD8X/s0mcw3aUy3w4b0muLKgNOFgkvy5w /Al3kGtVWNM= =ZizN -----END PGP MESSAGE----- --==_Exmh_1974079544P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810201455.HAA22937>