Date:      Thu, 18 Apr 2002 22:06:42 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        Brett Glass <brett@lariat.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
Message-ID:  <20020418220642.A1647@sheol.localdomain>
In-Reply-To: <4.3.2.7.2.20020418203122.0218e970@nospam.lariat.org>; from brett@lariat.org on Thu, Apr 18, 2002 at 08:33:12PM -0600
References:  <4.3.2.7.2.20020418200936.023fedd0@nospam.lariat.org> <4.3.2.7.2.20020418141843.021d1540_nospam.lariat.org@ns.sol.net> <20020418182218.GA35672_peitho.fxp.org@ns.sol.net> <4.3.2.7.2.20020418141843.021d1540_nospam.lariat.org@ns.sol.net> <200204190149.g3J1nOb01496@sheol.localdomain> <4.3.2.7.2.20020418200936.023fedd0@nospam.lariat.org> <20020418212445.A1577@sheol.localdomain> <4.3.2.7.2.20020418203122.0218e970@nospam.lariat.org>

This'll be my last post in this thread, as Jason has a valid point in his
reply; this discussion doesn't really belong in this list.

On Apr 18, at 08:33 PM, Brett Glass wrote:
> 
> At 08:24 PM 4/18/2002, D J Hawkey Jr wrote:
> 
> >> You obviously misunderstand what we've been referring to when we use
> >> the word "snapshot." A "snapshot," in this context, is a build of FreeBSD 
> >> from a particular day's sources.
> >
> >No, I think I do understand. Would not that "snapshot" include the kernel?
> >If so, what would you like that kernel to be configured as when the snapshot
> >is taken? 
> 
> GENERIC.

Wouldn't cut it for some of the boxes I am or have been responsible for.
It'd boot and run, mostly, but it wouldn't "communicate".

> >Would you really want an OS built for the lowest common denominator as the
> >one you install on your production servers, much less your desktop?
> 
> Sure, to start with. And then I customize it. If my kernel config files are 
> preserved through the update, I can do that very quickly.

Excepting servers that can't connect to a "master box" via NFS (as has been
detailed), you can't possibly build and install a kernel inside of the ten
to twenty (max?) minutes of downtime to install an already-built kernel from
that NFS server "master".

Even were it so, you'd end up with a tuned kernel running against its
lowest common denominator OS; that's acceptable to you? Not for me, nope.

In my mind, it boils down to this: If you value FreeBSD enough to employ
it, is it such a stretch to have a "master" on the network to accommodate
FreeBSD's update/upgrade methodologies? My "master" just happens to be my
workstation; no additional costs incurred.

In closing, it seems to me you've got to consider the entire population
more, and your own conveniences a little less. Completely unfashionable
since, oh, the middle 80's or so, but it's the coda to much, isn't it?

> --Brett

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

