Date: Thu, 18 Apr 2002 11:51:25 -0600 From: Nate Williams <nate@yogotech.com> To: Brett Glass <brett@lariat.org> Cc: David Wolfskill <david@catwhisker.org>, security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <15551.1949.581870.277391@caddis.yogotech.com> In-Reply-To: <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org> References: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <4.3.2.7.2.20020418114128.02156980@nospam.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Another 'clue-by-four' that Brett can ignore again ] > >If you have systems that are that important to you -- and I do, even > >here at home -- then acquire a machine to do the builds, and then use > >some method other than "build in place" to install the result. > > That's not sufficient to ensure that you didn't pick the wrong time > to take a snapshot. Production machines must run a known good > snapshot. Pray tell who is going to very that a snapshot is both 'known and good'? Simply applying security patches doesn't (necessarily) qualify as giving you your requirement, so if you are truly concerned about your production systems, you'll need to test *any* changes made to them either on the system (and take the risk that it won't work), or setup a system like David says and do your testing/verification process on a scratch system. This ain't rocket science here.... Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15551.1949.581870.277391>