Date:      Tue, 2 Jul 2002 08:19:43 -0700 (PDT)
From:      Colin Andrew Percival <cperciva@sfu.ca>
To:        freebsd-hackers@freebsd.org, brett@lariat.org
Cc:        nectar@freebsd.org
Subject:   Re: FreeBSD Auto-update (Was: Re: resolv and dynamic linking to compatlibc)
Message-ID:  <200207021519.IAA22280@fraser.sfu.ca>
In-Reply-To: <20020702002229.V47784-100000@topperwein.dyndns.org> from "Chris BeHanna" at Jul 02, 2002 10:32:23 AM

[Apologies if this gets delivered twice; some broken DNS is causing mail 
sent via shaw.ca to bounce.]

At 10:32 02/07/2002 -0400, Chris BeHanna wrote:
>On Mon, 1 Jul 2002, Brett Glass wrote:
>> Alas, ethics demand that [older code which is now known to have security
>> flaws] be either taken offline or accompanied
>> with a clear, visible, and strong warning.
>
>    Who is going to expend the time and effort to do this, and what
>task should they let drop on the floor to get it done?
>
>> A snapshot of 4.6-STABLE should also be made and released as 4.6.1.
>
>   You could contribute to that, for a start, to make sure that the
>modularity needed to plug in an update facility is designed in.  I'd
>suggest piggybacking the update facility on top of portupgrade to
>minimize duplication of effort.  That, of course, depends upon the
>availability of known good binary packages with valid MD5 checksums
>and/or PGP signatures, and that's a whole 'nother resource problem.

  I'm new here (well, I've only been around for a bit over a year) so I'm 
probably hopelessly lost, but... what is wrong with making world and 
(GENERIC) kernel each time the 4.6 security branch is updated, and 
publishing (signed) lists of the form "if you have file X with md5 hash 
X_hash, replace it with file Y with md5 hash Y_hash" (where X is a local 
path, and Y is a URL)?
  I'd do this myself, except that I don't have any secure system to do this, 
and I'd be horrified if anyone would trust binary updates coming from me 
anyway.

Colin "it can't really be that easy, can it?" Percival
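
The list format proposed in the message above, sketched as an added example (not code from the original post or from FreeBSD). The line layout `<local path> <old md5> <url> <new md5>`, the status names and the caller-supplied `fetch` are assumptions, and the list's signature is assumed to have been verified before this runs.

```python
import hashlib
import os
import tempfile

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def parse_manifest(text):
    """Parse lines of the assumed form: <local path> <old md5> <url> <new md5>."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 4 or len(fields[1]) != 32 or len(fields[3]) != 32:
            raise ValueError(f"manifest line {n} is malformed")
        path, old, url, new = fields
        entries.append((path, old.lower(), url, new.lower()))
    return entries

def update_one(target, old, url, new, fetch):
    try:
        with open(target, "rb") as f:
            current = md5_hex(f.read())
    except FileNotFoundError:
        return "missing"
    if current == new:
        return "already-updated"
    if current != old:
        return "locally-modified"      # unknown contents: leave the file alone
    data = fetch(url)
    if md5_hex(data) != new:
        return "bad-download"          # mirror or transport altered the file
    # Write beside the target, then rename, so a crash never leaves half a file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target))
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(tmp, os.stat(target).st_mode & 0o7777)
    os.replace(tmp, target)
    return "updated"

def apply_manifest(text, root, fetch):
    """Apply a manifest whose signature the caller has ALREADY verified.
    fetch(url) -> bytes is supplied by the caller (assumption of this sketch).
    Returns {local path: status}."""
    return {path: update_one(os.path.join(root, path.lstrip("/")), old, url, new, fetch)
            for path, old, url, new in parse_manifest(text)}
```

MD5 is used because the message names it; it is no longer collision resistant, so the same scheme today would carry SHA-256 hashes.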
