From owner-freebsd-security Wed Apr 11 1:53:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from serenity.mcc.ac.uk (serenity.mcc.ac.uk [130.88.200.93]) by hub.freebsd.org (Postfix) with ESMTP id 090B237B422 for ; Wed, 11 Apr 2001 01:53:30 -0700 (PDT) (envelope-from rasputin@freebsd-uk.eu.org) Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root) by serenity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14nGNU-0001R5-00; Wed, 11 Apr 2001 09:53:28 +0100 Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f3B8rSk63440; Wed, 11 Apr 2001 09:53:28 +0100 (BST) (envelope-from rasputin) Date: Wed, 11 Apr 2001 09:53:28 +0100 From: Rasputin To: Nicole Harrington Cc: security@freebsd.org Subject: Re: Security Announcements? Message-ID: <20010411095328.A63302@dogma.freebsd-uk.eu.org> Reply-To: Rasputin References: <20010410215014.A8173@scientia.demon.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from nmh@daemontech.com on Tue, Apr 10, 2001 at 03:43:47PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Nicole Harrington [010410 23:45]: > > On 10-Apr-01 Ben Smithurst wrote: > > Michael Nottebrock wrote: > > Well if you want the latest security fixes you shouldn't be running a > > -release anyway, that's that the -stable branch is for. > > Thats the most stupid thing I have every heard. Don't speak to soon. You haven't heard what I've got to say yet :) > I never knew that simply by > running -STABLE I would not have any security problems and would not need > patches or updates. By *tracking* STABLE you do. That's the whole point of it, surely. > 1) A notice that there is problem - So I can tcpwrap or shutdown said service > until a patch is available. > > 2) A binary patch. Similiar to the Linux RPM.s and the BSDi patches. > Just download and run. No compiles no installs. > > 3) A patch that everyone agrees works in an email or other notification that > says, here's were you can get the patch, this works, here's what to do with > it. Isn't that what gets patched into STABLE? If it's a userpsace problem, a make world often isn't necessary. After a sup, you just go into the releavant directories and make install. Kernel bugs are going to need a reboot anyway. I agree with you on the notification issue; we need some kind of batphone - particularly for the new guys, a URL in the default /etc/motd would help. (leaving aside the issue of whether we have a workable batphone yet) Cheers. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message