Date: Wed, 15 May 2002 13:25:33 -0600
From: Brett Glass <brett@lariat.org>
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc: Makoto Matsushita <matusita@jp.FreeBSD.org>, security@FreeBSD.org
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Message-ID: <4.3.2.7.2.20020515132148.03139eb0@nospam.lariat.org>
In-Reply-To: <20020515164555.GA33357@madman.nectar.cc>
References: <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org>

At 10:45 AM 5/15/2002, Jacques A. Vidrine wrote:

>Careless system administrators / consultants are an even bigger
>security problem.

You're not careless if you expect the package to reflect the latest version of the port. You're expecting something perfectly reasonable.

>If you install 4.5-RELEASE, you get packages that were generated for
>4.5-RELEASE. Surprise.

Why? The packages, like the ports, are software that is not part of FreeBSD. It makes sense to provide the latest versions of those packages to anyone who's downloading.

I seem to recall that there's some way to tell /stand/sysinstall to grab packages from -STABLE. But new users won't know that. (*I* don't even remember what magic incantation you have to type in.) Best to have the latest version of every package be the default, and to make sure that the packages are kept up with the ports.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message