Date: Sat, 20 Mar 1999 03:00:57 -0500 (EST) From: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu> To: patl@phoenix.volant.org Cc: freebsd-security@freebsd.org Subject: Re: 3.1-RELEASE Message-ID: <Pine.SOL.3.96L.990320025620.2763A-100000@unix6.andrew.cmu.edu> In-Reply-To: <ML-3.3.921873509.9983.patl@asimov>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 19 Mar 1999 patl@phoenix.volant.org wrote: > > I am just curious as to who updates the ports for the RELEASEs. > > It seems when I was installing 3.1 on a friends machine yesterday and went > > to install an ftp daemon, I ended up using the ports to install proftpd. > > The only problem with this is that the ports collection installed pre1 > > which has a known buffer overflow in it. Maybe I am wrong in assuming > > this is a bad thing ... but shouldn't someone be checking and updating > > things like this? > > I suspect that pre1 was the most current version when the ports tree > was frozen for 3.1-RELEASE. If you install the 3.1->current package > (from the Web/FTP site) and then CVSup ports, you will find that it > is now using pre2. (And has been since at least the end of February.) > > > > -Pat My thoughts were more on the security of the default installation. Not many people will set up a cron to snag the latest source through CVS and thus would be open to having their machine broken into. I was just wondering if someone could/would do something like updating things that are frozen on -RELEASEs. I was under the impression that most people will not install -CURRENT due to wanting a stable server through -RELEASE and thus would fall victim to stupid errors. [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] Harry M. Leitzell - Harry_M_Leitzell@cmu.edu Carnegie Mellon University Finger for PGP Public Key [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.96L.990320025620.2763A-100000>