Date: Thu, 18 Apr 2002 09:18:58 -0700 (PDT) From: David Wolfskill <david@catwhisker.org> To: brett@lariat.org, schulte+freebsd@nospam.schulte.org, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <200204181618.g3IGIwkd029030@bunrab.catwhisker.org> In-Reply-To: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Thu, 18 Apr 2002 10:10:15 -0600 >From: Brett Glass <brett@lariat.org> >At 11:11 PM 4/17/2002, Christopher Schulte wrote: >>You can synchronize your source tree and recompile. See: >>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html >Alas, this is not an acceptable solution. >I realize that many people use FreeBSD on non-mission-critical systems, or >to tinker with, and can afford downtime. But we need to create and maintain >production machines. >I hope that you can understand that doing a CVSup and then rebuilding the >world every night (slowing the system to a crawl in the process and >creating a system which might or might not be 100% stable) is not an >acceptable solution. Nor is downloading a random snapshot. (Which one >can't seem to do anyway these days; releng4.freebsd.org is refusing That is irrelevant and specious. If you have systems that are that important to you -- and I do, even here at home -- then acquire a machine to do the builds, and then use some method other than "build in place" to install the result. In some cases, that could be NFS (perhaps over a special network dedicated to such tasks); in others, it could be using such capabilities as provided by atacontrol to insert a drive with a system image while the target system remains up and running. In neither case is the target system required to do the builds (and consume the time and other resources necessary). >What is needed is a known good "p3" (or "p-whatever") build that can be >installed quickly with minimum downtime. Yet, despite the fact that >people routinely refer to (for example) "4.5-RELEASE-p3", no such build >seems to actually exist. For those of us who create and manage production >servers, there should be. Patches? Thanks.... Cheers, david (links to my resume at http://www.catwhisker.org/~david) -- David H. Wolfskill david@catwhisker.org Based on my experience as a computing professional, I consider the use of Microsoft products as components of computing systems to be just as advisable as using green wood to frame a house... and expect similar results. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204181618.g3IGIwkd029030>