Date: Fri, 17 May 2002 08:19:14 -0700 From: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Brett Glass <brett@lariat.org> Cc: Jeff Palmer <scorpio@drkshdw.org>, security@FreeBSD.ORG Subject: Re: Patch/Announcement for DHCPD remote root hole? Message-ID: <200205171519.g4HFJEhN004526@cwsys.cwsent.com> In-Reply-To: Message from Brett Glass <brett@lariat.org> of "Wed, 15 May 2002 15:22:29 MDT." <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>, Brett
Glass w
rites:
> At 01:51 PM 5/15/2002, Jeff Palmer wrote:
>
> >If CVSup is a programmers tool, and not an administrators tool..
> >How is one supposed to keep his system updated and secure AFTER the initial
> install?
>
> That's been exactly my point in earlier discussions. It should not be necessa
> ry
> to download and recompile the world to get a patch. New users aren't ready
> for that, nor should they be expected to be. And admins, who have
> many responsibilities and are virtually always overloaded, should not be
> burdened with that task.
Patches are upgrade. It's documented in numerous places that to
upgrade your system you need to CVSup, buildworld/installworld. I have
shown the grasshopper sysadmins in my team at work how to do this
simple little task. IMO buildworld is simpler, easier, and takes less
time than a binary upgrade.
The average Solaris binary upgrade takes between 45 minutes and 2 hours
of down time. The average RH upgrade takes about half a work day of
down time, as my Linux guy will attest to. I can buildworld (no down
time), installworld (15 minutes of downtime), mergemaster (do that
during the buildworld -- takes about 5 - 10 minutes). The last time I
did a binary upgrade of a FreeBSD system the upgrade took at least 90
minutes. I see about 15 minutes of down time compared with 45 minutes
to 4 hours of down time.
Brett, I don't know much about you and we've never met or worked
together. If you were a grasshopper sysadmin (and I suspect that you
might be capable of more), buildworld should not scare you. If it
does, working through it slowly and asking many questions will go a
long way to alleviating any fears. (I recently taught a grasshopper
sysadmin [we actually call her Grasshopper] how to install Tru64-UNIX.
We went through it slowly, taking many notes and highlighting the
important parts in the install guide. After spending about a day and a
half working with her, she no longer has a fear of installing
Tru64-UNIX and the next one, she wants to do herself. Trust me,
buildworld is much less complex than a Tru64-UNIX install, especially
when taking into account required firmware updates.
I'm sure there are many people new to FreeBSD and to computers for that
matter who would agree that buildworld isn't as demanding or as scary
as we want to think it is.
Cheers, Phone: 250-387-8437
Cy Schubert Fax: 250-387-5766
Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC
FreeBSD UNIX: cy@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205171519.g4HFJEhN004526>