From owner-freebsd-security@FreeBSD.ORG Wed Oct 12 07:39:50 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FE6816A41F for ; Wed, 12 Oct 2005 07:39:50 +0000 (GMT) (envelope-from timothy@open-networks.net) Received: from titan.open-networks.net (ns.open-networks.net [202.173.176.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6ABB343D53 for ; Wed, 12 Oct 2005 07:39:48 +0000 (GMT) (envelope-from timothy@open-networks.net) Received: from [192.168.1.200] (tim.open-networks.net [192.168.1.1]) by titan.open-networks.net (Postfix) with ESMTP id 0B6F76E5 for ; Wed, 12 Oct 2005 17:39:47 +1000 (EST) Message-ID: <434CBDC2.4070405@open-networks.net> Date: Wed, 12 Oct 2005 17:39:46 +1000 From: Timothy Smith User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051002) X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-security@freebsd.org References: <200510111202.j9BC2obf081876@freefall.freebsd.org> <1129036481.434bbac1720a6@webmail.boxke.be> <434BBF09.6040101@htnet.hr> In-Reply-To: <434BBF09.6040101@htnet.hr> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2005 07:39:50 -0000 jere wrote: > unfortunately, this is the dark side of FreeBSD security patch > management :) and I think also the main reason FreeBSD isn't so > widely deployed into enterprise environments. It's ok for hacking or > managing few boxes but try to imagine how to manage security on > hundreds of them this way. :( > > on the other side (bright side :) you can try to use unofficial and > often somewhat slowly updating solutions such as bsdupdate > (www.bsdupdates.com) or freebsd-update (from ports tree). > > currently, FreeBSD just don't have a mechanism to handle security > advisories in quick way. > > any suggestions/corrections ? > > j. > your totally right, even though i hate to admit it. stuff like having to make world is a nightmare when admining lots of machines. i can't afford to make world only to find something screwed up, stuff like that would cost me a lot of time i can't afford. the make world documents mentioning backing up your system. it fails to give any preffered methods or utilites for doing this. anyone got some input on that.