From owner-freebsd-security@FreeBSD.ORG Tue May 23 00:02:05 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C45A916A617 for ; Tue, 23 May 2006 00:02:05 +0000 (UTC) (envelope-from tfotoglidis@netscape.net) Received: from imo-d02.mx.aol.com (imo-d02.mx.aol.com [205.188.157.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE5D043D66 for ; Tue, 23 May 2006 00:02:03 +0000 (GMT) (envelope-from tfotoglidis@netscape.net) Received: from tfotoglidis@netscape.net by imo-d02.mx.aol.com (mail_out_v38_r7.5.) id p.c7.143c8b8b (16238); Mon, 22 May 2006 20:01:56 -0400 (EDT) Received: from mblkn-m10 (mblkn-m10.mblk.aol.com [64.12.170.74]) by air-in03.mx.aol.com (v109.12) with ESMTP id MAILININ32-3f6e447250db2cf; Mon, 22 May 2006 20:01:31 -0400 Date: Mon, 22 May 2006 20:01:32 -0400 Message-Id: <8C84C132EE6302A-D48-D497@mblkn-m10.sysops.aol.com> From: tfotoglidis@netscape.net References: <20060522152011.10728.qmail@do.sefao.com> Received: from 86.131.237.167 by mblkn-m10.sysops.aol.com (64.12.170.74) with HTTP (WebMailUI); Mon, 22 May 2006 20:01:32 -0400 X-MB-Message-Source: WebUI X-MB-Message-Type: User In-Reply-To: <20060522152011.10728.qmail@do.sefao.com> X-Mailer: Netscape WebMail 17673 Content-Type: text/plain; charset="us-ascii"; format=flowed MIME-Version: 1.0 To: fbsd@sefao.com, freebsd-security@freebsd.org X-AOL-IP: 64.12.170.74 X-Spam-Flag: NO Cc: Subject: Re: FreeBSD Security Survey X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 May 2006 00:02:06 -0000 > As an administrator, time is always an issue. FreeBSD has proven > itself time and again. Having said that, one "wish" would be to have > a default/built-in security update mechanism. > Since time is always and issue, if the system could by default > (without an admin having to write scripts and/or apps, or manually > update) update itself for both system and installed ports/packages, it > likely would reduce security issues exponentially. > This of course would be a massive project/challenge. Varying system > and kernel configurations alone would make this a huge challenge, not > to mention the potential security implications. Time is an issue indeed, but I reckon you would have to spend time even if a "default/built-in" mechanism for updates was in place. You would still have to consider new features and do further tweaking of .conf files and yet even write your own apps again to facilitate new needs with the new features. Might be wrong, but anything "auto-magic" sounds like not a very good idea, saves time probably in the short term, but I''m not sure that's what you want... thanos ___________________________________________________ Try the New Netscape Mail Today! Virtually Spam-Free | More Storage | Import Your Contact List http://mail.netscape.com