From owner-freebsd-questions@FreeBSD.ORG Mon Feb 26 18:43:12 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 00F9D16A404 for ; Mon, 26 Feb 2007 18:43:12 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.freebsd.org (Postfix) with ESMTP id C6B4213C46B for ; Mon, 26 Feb 2007 18:43:11 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id l1QIehVU059538 for ; Mon, 26 Feb 2007 13:40:43 -0500 (EST) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id l1QIehnI059537 for questions@freebsd.org; Mon, 26 Feb 2007 13:40:43 -0500 (EST) (envelope-from jerrymc) Date: Mon, 26 Feb 2007 13:40:43 -0500 From: Jerry To: questions@freebsd.org Message-ID: <20070226184043.GA59508@gizmo.acns.msu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Cc: Subject: Patches in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2007 18:43:12 -0000 Hi All, I am being forced to use something besides FreeBSD - probably Susie or Red Hat Linux for the base of a server system. The primary reason given is that when security issues come along, FreeBSD has no way of patching the running system, but rather requires rebuilding the system - CVSUP, make, install, etc whereas Susie and Red Hat can be patched on the fly. I presume this means kernel type security stuff rather than concerns about third party software. Up to now, I have not been in a situation that doing a cvsup and builds and installs or even scratch installs of new versions wasn't just fine, so that is what I have done and have some experience with. But the powers that be here are saying that is unacceptable because it will take the system down too much for critical fixes. My question is: How do I respond to this? I have seen the word patch used in security update messages - but didn't follow that path. Is that real? Does it cover kernel things essentially on the fly or is a 'time consuming' rebuild still needed? I will look up some stuff on patches in FreeBSD, but would like to hear some perspective on this. Thanks, ////jerry