Date: Mon, 10 Oct 2011 22:23:09 +0200 From: Remko Lodder <remko@elvandar.org> To: Mike Brown <mike@skew.org> Cc: freebsd-security@freebsd.org Subject: Re: Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix) Message-ID: <F281471A-B970-4F4D-A9C2-E4715A86045C@elvandar.org> In-Reply-To: <201110020411.p924BPqn037383@chilled.skew.org> References: <201110020411.p924BPqn037383@chilled.skew.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Oct 2, 2011, at 6:11 AM, Mike Brown wrote: > Chris Rees wrote: >> Generally users are expected to pay attention to what is updated-- I >> know this isn't always the easiest task, but blindly following >> instructions is not something that is generally advocated in FreeBSD. >=20 > Generally, yes. For a security advisory, though, I don't think it's=20 > unreasonable for the reader to expect that the solutions and = workarounds are=20 > exactly as described, with nothing left out or assumed that every = system=20 > administrator will know. Likewise, the advisory issuer surely expects = that the=20 > instructions they provide *will* be very strictly followed. >=20 > Based on my own experience, I did happen to realize that a reboot = would=20 > probably be needed, but since one procedure in the advisory said to = reboot and=20 > the other didn't, it led me to wonder if maybe there was some magic in=20= > freebsd-update that obviated the need for a reboot. Apparently there's = not; it=20 > was just an oversight in the instructions. >=20 > Also, sometimes things go haywire after a reboot, especially after = extended=20 > uptime and updates to the kernel or core libraries, so I'm in the = habit of=20 > only shutting down when necessary. So if I don't see "and then reboot" = in an=20 > update procedure - and most of the time, security updates don't = require it -=20 > then I don't do it. >=20 Hi Mike, I do see the point you are mentioning and I will discuss this the next = time we (Security Team) are preparing an advisory. Thanks Remko --=20 /"\ With kind regards, | remko@elvandar.org \ / Remko Lodder | remko@FreeBSD.org X FreeBSD | = http://www.evilcoder.org / \ The Power to Serve | Quis custodiet ipsos custodes
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F281471A-B970-4F4D-A9C2-E4715A86045C>