Date: Thu, 18 Apr 2002 11:59:26 -0600
From: Nate Williams <nate@yogotech.com>
To: Brett Glass <brett@lariat.org>
Cc: nate@yogotech.com (Nate Williams), Christopher Schulte <schulte+freebsd@nospam.schulte.org>, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
Message-ID: <15551.2430.223189.820500@caddis.yogotech.com>
In-Reply-To: <4.3.2.7.2.20020418114304.00dccf00@nospam.lariat.org>
References: <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org> <200204171923.g3HJNga58899@freefall.freebsd.org> <4.3.2.7.2.20020418114304.00dccf00@nospam.lariat.org>
> >Who said anything about building it every night?
>
> Many people are suggesting that one CVSup every night.

How is doing a CVSup and building a release related? You can build a
system every night and never do a build? You can do a build every night
and never do a CVSup? They are completely unrelated operations.

> >> Nor is downloading a random snapshot. (Which one can't seem to do
> >> anyway these days; releng4.freebsd.org is refusing
> >
> >Who said anything about a 'random' snapshot. Pick the snapshot that has
> >the fix applied (using the date), and build it.
>
> How does one know that there isn't a system-crashing bug in some other
> part of the tree for the same date?

How do you know that the patch doesn't cause your system to crash,
because of the special circumstances in your setup that wasn't seen
previously?

> What's needed is not just the snapshot that happened to be available
> that day (or today) but one that's known to be reasonably
> stable. Remember, a snapshot of -STABLE taken on a random day is not
> guaranteed even to boot!

Except, a snapshot of RELENG_4_[2345] *are* guaranteed to both boot, and
contain minimal changes (security only), in as much as you get *any*
guarantee from any vendor.

> >There is. Download the 'random snapshot' using the RELENG_4_5 tag.
> >All I see from you is a lot of bitching about how the FreeBSD project
> >didn't hold your hand tight enough
>
> Not true at all. What administrators using FreeBSD need is not
> "hand-holding" but a way to upgrade to a known good snapshot.

Many folks have provided you with ample ways to get a known/good
snapshot. You simply refuse to use them.

> Not necessarily the absolute latest, but one with the needed
> patches which others have seen to work.

See above. That *is*

> >and have a developer show up on your
> >doorstep to install and verify every single version of FreeBSD you use.
>
> I'm a developer myself, and therefore understand the value of testing.
> It should be possible to get a snapshot ("patch level N," or whatever)
> which one knows that others have tried and have found to work. As an
> administrator, you should want this too.

And I do on those systems, but apparently I have more of a clue than you
do, since I don't find it all a problem to follow the advice given by
many people who've contributed to this thread (and similar threads
you've raised in the past.)

There are at two active *branches* in FreeBSD, and a number of
semi-active branches.

Active:
 - RELENG_4 (stable)
 - HEAD (current)

Semi-active:
 - RELENG_4_5 (security patches to FreeBSD4.5)
 - RELENG_4_4 (security patches to FreeBSD4.5)
 - RELENG_4_3 (security patches to FreeBSD4.5)

Less-active:
 - RELENG_3
 - RELENG_2

If you want a *completely* stable release without bad patches (to the
best of the ability of the developers), and you are running a system
based on FreeBSD 4.[345], then grab the RELENG_4_[345] branch, which is
the exact same code as the releases plus security patches.

This is all laid out in the security advisories, which apparently you
actually don't completely read.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message