Date: Sat, 1 Oct 2011 22:11:25 -0600 (MDT) From: Mike Brown <mike@skew.org> To: freebsd-security@freebsd.org Subject: Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix) Message-ID: <201110020411.p924BPqn037383@chilled.skew.org> In-Reply-To: <CADLo839PqMoo-jTvNOZYdyKmrHfKKFNZq2YTRDr3MbKp45FxEA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chris Rees wrote: > Generally users are expected to pay attention to what is updated-- I > know this isn't always the easiest task, but blindly following > instructions is not something that is generally advocated in FreeBSD. Generally, yes. For a security advisory, though, I don't think it's unreasonable for the reader to expect that the solutions and workarounds are exactly as described, with nothing left out or assumed that every system administrator will know. Likewise, the advisory issuer surely expects that the instructions they provide *will* be very strictly followed. Based on my own experience, I did happen to realize that a reboot would probably be needed, but since one procedure in the advisory said to reboot and the other didn't, it led me to wonder if maybe there was some magic in freebsd-update that obviated the need for a reboot. Apparently there's not; it was just an oversight in the instructions. Also, sometimes things go haywire after a reboot, especially after extended uptime and updates to the kernel or core libraries, so I'm in the habit of only shutting down when necessary. So if I don't see "and then reboot" in an update procedure - and most of the time, security updates don't require it - then I don't do it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110020411.p924BPqn037383>