From: Marian Hettwer
Date: Wed, 24 May 2006 10:33:07 +0200
To: Yann Golanski
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Survey
Message-ID: <44741A43.40302@kernel32.de>
In-Reply-To: <20060523160051.GA78620@kierun.org>

Hej Yann,

Yann Golanski wrote:
> Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
>
>>Peter Jeremy wrote:
>>
>>>One of the major problems with unattended/automatic updating is
>>>that it is hard to filter them.
>>
>>It's hard to make a good case for automatic updates when manual
>>updates are so easy.
>
>
> So, here is a question: I have three machines, all on different hardware
> but with the same version of FreeBSD that are updated manually. Now,
> how about I get a dozen machines... How do I do that in a reasonable
> amount of time?

You get yourself a build machine. Say you have 10 amd64 machines and 10
intel boxes, well, then you'll need one amd64 machine and one intel
machine.

Set up jails on this build host. Each jail having the specific make.conf
and stuff configuration you like.

Let's say intel machine:
jail-1 --> for your MySQL machines
jail-2 --> for your Apaches
jail-3 --> for your mailservers

Go to each jail and build yourself some packages (make package).
Then use those packages to install them on your production machines.
You may want to abuse these jails to do some testing whether the packages
are okay too...

It really depends on how many machines you have, on how many different
tasks they have and on which architectures you're running.
The answer is: build host + jails for a testing environment...
This'll reduce your actual downtime.

regards,
Marian
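Added example, not part of the original message: a dry-run sketch of the build host + jails layout described above, which maps each production machine to the jail that builds its packages and flags machines that no jail covers. The host names, the `build-<arch>` and `jail-<role>` naming, and the use of `i386` for the "intel" boxes are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample data: every host, jail and build-host name is hypothetical.

# Jails set up on the build hosts, one line per jail: <arch> <role>
JAILS='i386 mysql
i386 apache
i386 mail
amd64 mysql'

# Production machines: <hostname> <arch> <role>
INVENTORY='db1 amd64 mysql
db2 i386 mysql
web1 i386 apache
web2 i386 apache
mx1 i386 mail
web3 amd64 apache'

# Print "build-<arch>:jail-<role>" for a production host. Fails when the host
# is unknown or no jail of the same architecture builds for its role.
jail_for_host() {
    set -- $(printf '%s\n' "$INVENTORY" | awk -v h="$1" '$1 == h { print $2, $3 }')
    [ $# -eq 2 ] || return 1
    printf '%s\n' "$JAILS" | grep -qx "$1 $2" || return 1
    echo "build-$1:jail-$2"
}

# Hosts no jail covers; these would have to be updated by hand.
uncovered_hosts() {
    printf '%s\n' "$INVENTORY" | while read -r host arch role; do
        printf '%s\n' "$JAILS" | grep -qx "$arch $role" || echo "$host"
    done
}

# Dry run: one "make package" per jail, then the hosts that install the result.
plan() {
    printf '%s\n' "$JAILS" | while read -r arch role; do
        hosts=$(printf '%s\n' "$INVENTORY" | awk -v a="$arch" -v r="$role" \
            '$2 == a && $3 == r { printf "%s%s", sep, $1; sep = " " }')
        [ -n "$hosts" ] || continue
        echo "build-$arch/jail-$role: make package, test, install on: $hosts"
    done
    for h in $(uncovered_hosts); do echo "no build jail for: $h"; done
}

plan
```

In the sample data, web3 is an amd64 Apache machine but only an amd64 MySQL jail exists, so it is reported as uncovered instead of being handed a package built for another architecture.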