From owner-freebsd-security Tue Jun 18 6: 5:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10])
    by hub.freebsd.org (Postfix) with ESMTP id 6027837B406
    for ; Tue, 18 Jun 2002 06:05:39 -0700 (PDT)
Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31])
    by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g5ID5N123976;
    Tue, 18 Jun 2002 08:05:24 -0500 (CDT)
Received: (from root@localhost)
    by sprint.centtech.com (8.11.6+Sun/8.11.6) id g5ID5NB29579;
    Tue, 18 Jun 2002 08:05:23 -0500 (CDT)
Received: from centtech.com (proton [10.177.173.77])
    by sprint.centtech.com (8.11.6+Sun/8.11.6) with ESMTP id g5ID5K629572;
    Tue, 18 Jun 2002 08:05:20 -0500 (CDT)
Message-ID: <3D0F3010.A9F0995A@centtech.com>
Date: Tue, 18 Jun 2002 08:05:20 -0500
From: Eric Anderson
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Sheldon Hearn
Cc: Brett Glass , kgasso@blort.org, security@freebsd.org
Subject: Re: CDs with patched Apache?
References: <7957.1024403108@axl.seasidesoftware.co.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Why not fix the bugs, and anything else that comes along in the next week or so (or however long it takes to fix the bugs and rebuild iso's), and release a 4.6.1?

Maybe FreeBSD needs a "security update check" tool built into sysinstall, that will do something like:

If system is being installed from the net, or installing packages from the net, automatically grab the update list, and show user possible security risks - possibly asking the user if they would like to upgrade their package/system right then.

If system is not being installed or installing packages from the net, ask the user if they would like to connect to the net to do the checking.

I think most commercial admins subscribe to the security lists, and will "do the right thing", but it's the other half of the FreeBSD users that I would worry about. There is a reason that almost all OS's are using this tactic to get updates and patches installed.

If this was a separate tool, it could be used to easily show the admin what packages are at risk on the box, without the need to manually match up pkg's installed versus packages at risk. Heck, I think I'll look for a tool that does that now, and if there isn't one, I'll write one myself.

Eric

Sheldon Hearn wrote:
>
> On Tue, 18 Jun 2002 03:49:28 CST, Brett Glass wrote:
>
> > But if you were installing from CD, you wouldn't be warned. Unless....
> > Unless pkg_add phoned home to check on the package. Which is possible
> > if the machine can be connected to the Net.
>
> If we can't reroll the ISO, all is not lost. The issue can be
> documented in the release ERRATA online for those who pull down the
> ISO and in a printed ERRATA note inside CD / DVD packaging for those who
> buy such packages.
>
> Ciao,
> Sheldon.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
------------------------------------------------------------------
Eric Anderson    Systems Administrator    Centaur Technology
Torque, it makes the world go 'round.
------------------------------------------------------------------
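
The matching described in the message above (installed packages versus packages at risk), as an added Python example that is not part of the original message or of any FreeBSD tool. The installed list imitates `pkg_info`-style `name-version` lines; the advisory format, the versions, the `EXAMPLE-` references and the simplified version ordering are all assumptions constructed for illustration.

```python
import re

# Constructed sample in the "name-version  comment" shape that pkg_info prints.
INSTALLED = """\
apache-1.0.2          constructed entry
example-shell-2.05a   constructed entry (hyphen inside the name)
example-sshd-3.4      constructed entry
"""
# Constructed advisory list; "name|first fixed version|reference" is a hypothetical format.
ADVISORIES = """\
apache|1.0.4|EXAMPLE-0001
example-sshd|3.4|EXAMPLE-0002
example-shell|2.05b|EXAMPLE-0003
not-installed|9.9|EXAMPLE-0004
"""

def version_key(version):
    """Simplified ordering (assumption): digit runs compare as integers, letters sort below digits."""
    return [(1, int(tok), "") if tok.isdigit() else (0, 0, tok)
            for tok in re.findall(r"\d+|[a-z]+", version.lower())]

def parse_installed(text):
    """Map package name -> version; the version is whatever follows the last hyphen."""
    pkgs = {}
    for line in text.splitlines():
        if line.strip():
            name, sep, version = line.split()[0].rpartition("-")
            if sep:
                pkgs[name] = version
    return pkgs

def parse_advisories(text):
    """Return (name, first_fixed_version, reference) tuples, skipping blanks and # comments."""
    rows = [line.strip() for line in text.splitlines()]
    return [tuple(r.split("|", 2)) for r in rows if r and not r.startswith("#")]

def at_risk(installed_text, advisory_text):
    """List installed packages whose version is older than the first fixed version."""
    installed = parse_installed(installed_text)
    findings = []
    for name, fixed, ref in parse_advisories(advisory_text):
        have = installed.get(name)
        if have is not None and version_key(have) < version_key(fixed):
            findings.append((name, have, fixed, ref))
    return findings

if __name__ == "__main__":
    for name, have, fixed, ref in at_risk(INSTALLED, ADVISORIES):
        print(f"{name}-{have} is at risk ({ref}); upgrade to {fixed} or later")
```

Comparing versions as plain strings would rank 1.10 below 1.9, which is why the sketch tokenizes them before comparing.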