Date: Fri, 04 Nov 2005 15:54:19 -0500 From: Tom Grove <freebsd@voidmain.net> To: Richard Bejtlich <taosecurity@gmail.com> Cc: freebsd-stable@freebsd.org Subject: Re: Facilitating binary kernel upgrades Message-ID: <436BCA7B.6060700@voidmain.net> In-Reply-To: <120ef0530511041210s6d3dbee8pc2db36129b44be2c@mail.gmail.com> References: <120ef0530511041210s6d3dbee8pc2db36129b44be2c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Richard Bejtlich wrote: >Hello all, > >I have become a fan of Colin Percival's freebsd-update, which allows >binary updates of the GENERIC kernel and unmodified userland. > >Binary kernel updates are not possible if I modify my kernel to >include support for IPSec or NAT, e.g. > >device crypto >options FAST_IPSEC >options IPFIREWALL >options IPDIVERT > >After speaking with Colin, he mentioned that IPSec, NAT, and disk >quotas (enabled via options QUOTA) are the three most popular kernel >changes that prevent people from running GENERIC and hence using >freebsd-update for binary kernel updates. > >Can anyone shed light on why those three features are not available in GENERIC? > >Thank you, > >Richard >http://www.taosecurity.com >_______________________________________________ >freebsd-stable@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-stable >To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > > > > My guess is that just because those are the three most popular kernel changes that prevent people from running GENERIC doesn't mean that the majority of users implement these changes. -Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?436BCA7B.6060700>