Date: Fri, 17 May 2002 08:19:14 -0700 From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Brett Glass <brett@lariat.org> Cc: Jeff Palmer <scorpio@drkshdw.org>, security@FreeBSD.ORG Subject: Re: Patch/Announcement for DHCPD remote root hole? Message-ID: <200205171519.g4HFJEhN004526@cwsys.cwsent.com> In-Reply-To: Message from Brett Glass <brett@lariat.org> of "Wed, 15 May 2002 15:22:29 MDT." <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>, Brett Glass w rites: > At 01:51 PM 5/15/2002, Jeff Palmer wrote: > > >If CVSup is a programmers tool, and not an administrators tool.. > >How is one supposed to keep his system updated and secure AFTER the initial > install? > > That's been exactly my point in earlier discussions. It should not be necessa > ry > to download and recompile the world to get a patch. New users aren't ready > for that, nor should they be expected to be. And admins, who have > many responsibilities and are virtually always overloaded, should not be > burdened with that task. Patches are upgrade. It's documented in numerous places that to upgrade your system you need to CVSup, buildworld/installworld. I have shown the grasshopper sysadmins in my team at work how to do this simple little task. IMO buildworld is simpler, easier, and takes less time than a binary upgrade. The average Solaris binary upgrade takes between 45 minutes and 2 hours of down time. The average RH upgrade takes about half a work day of down time, as my Linux guy will attest to. I can buildworld (no down time), installworld (15 minutes of downtime), mergemaster (do that during the buildworld -- takes about 5 - 10 minutes). The last time I did a binary upgrade of a FreeBSD system the upgrade took at least 90 minutes. I see about 15 minutes of down time compared with 45 minutes to 4 hours of down time. Brett, I don't know much about you and we've never met or worked together. If you were a grasshopper sysadmin (and I suspect that you might be capable of more), buildworld should not scare you. If it does, working through it slowly and asking many questions will go a long way to alleviating any fears. (I recently taught a grasshopper sysadmin [we actually call her Grasshopper] how to install Tru64-UNIX. We went through it slowly, taking many notes and highlighting the important parts in the install guide. After spending about a day and a half working with her, she no longer has a fear of installing Tru64-UNIX and the next one, she wants to do herself. Trust me, buildworld is much less complex than a Tru64-UNIX install, especially when taking into account required firmware updates. I'm sure there are many people new to FreeBSD and to computers for that matter who would agree that buildworld isn't as demanding or as scary as we want to think it is. Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205171519.g4HFJEhN004526>