Date: Mon, 14 Aug 2017 08:55:30 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: Remko Lodder <remko@FreeBSD.org>
Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org
Subject: Re: pkg audit false negatives
Message-ID: <nycvar.OFS.7.76.1708140848070.96628@eboyr.pbz>
In-Reply-To: <36CDFE51-3E9A-42EA-8182-2972CE519DDC@FreeBSD.org>
References: <nycvar.OFS.7.76.1708101931090.13252@eboyr.pbz> <C540BA50-5F06-4F99-A575-D27347A3F527@FreeBSD.org> <D12FD70B-2F2B-4895-AB9D-1BD72F8512B6@FreeBSD.org> <nycvar.OFS.7.76.1708111441430.53156@eboyr.pbz> <B1E5DD0C-8BBD-4F37-855C-447F28B0B49C@FreeBSD.org> <nycvar.OFS.7.76.1708111716080.86615@eboyr.pbz> <0F48B4BB-BB2C-479D-9F43-006D73C1E218@FreeBSD.org> <nycvar.OFS.7.76.1708132022470.4437@eboyr.pbz> <36CDFE51-3E9A-42EA-8182-2972CE519DDC@FreeBSD.org>

>> That leaves just unpackaged base as FreeBSD's remaining audit weakness.
>
> Hi, I am happy that I can reduce your worry factor a bit ;-)
>
> Can you share what the audit weakness is? freebsd-update cron checks
> whether or not an update is available and then emails you. If you run
> -RELEASE, then that means that either an EN or SA had been released..

Can you run freebsd-update on a -RELEASE system installed and maintained
with buildworld/buildkernel/installkernel/installworld? Though it's been
more than a year since the last time I tested freebsd-update, on
Virtualbox VMs, it resulted in too many bricked systems to rely on. That
may have changed but it would still be better to build a packaged base
or have reproducible builds as lighter-weight solutions to the base
audit issue.

Roger