From owner-freebsd-hackers Tue Jul 2 8:19:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5351D37B400; Tue, 2 Jul 2002 08:19:46 -0700 (PDT) Received: from rm-rstar.sfu.ca (rm-rstar.sfu.ca [142.58.120.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4E1043E13; Tue, 2 Jul 2002 08:19:45 -0700 (PDT) (envelope-from cperciva@sfu.ca) Received: from fraser.sfu.ca (cperciva@fraser.sfu.ca [142.58.101.25]) by rm-rstar.sfu.ca (8.12.3/8.12.3/SFU-6.0H) with ESMTP id g62FJhmC026436; Tue, 2 Jul 2002 08:19:43 -0700 (PDT) From: Colin Andrew Percival Received: (from cperciva@localhost) by fraser.sfu.ca (8.9.2/8.9.2/SFU-5.0C) id IAA22280; Tue, 2 Jul 2002 08:19:43 -0700 (PDT) Message-Id: <200207021519.IAA22280@fraser.sfu.ca> Subject: Re: FreeBSD Auto-update (Was: Re: resolv and dynamic linking to compatlibc) To: freebsd-hackers@freebsd.org, brett@lariat.org Date: Tue, 2 Jul 2002 08:19:43 -0700 (PDT) Cc: nectar@freebsd.org In-Reply-To: <20020702002229.V47784-100000@topperwein.dyndns.org> from "Chris BeHanna" at Jul 02, 2002 10:32:23 AM X-Mailer: ELM [version 2.5 PL4] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [Apologies if this gets delivered twice; some broken DNS is causing mail sent via shaw.ca to bounce.] At 10:32 02/07/2002 -0400, Chris BeHanna wrote: >On Mon, 1 Jul 2002, Brett Glass wrote: >> Alas, ethics demand that [older code which is now known to have security >> flaws] be either taken offline or accompanied >> with a clear, visible, and strong warning. > > Who is going to expend the time and effort to do this, and what >task should they let drop on the floor to get it done? > >> A snapshot of 4.6-STABLE should also be made and released as 4.6.1. > > You could contribute to that, for a start, to make sure that the >modularity needed to plug in an update facility is designed in. I'd >suggest piggybacking the update facility on top of portupgrade to >minimize duplication of effort. That, of course, depends upon the >availability of known good binary packages with valid MD5 checksums >and/or PGP signatures, and that's a whole 'nother resource problem. I'm new here (well, I've only been around for a bit over a year) so I'm probably hopelessly lost, but... what is wrong with making world and (GENERIC) kernel each time the 4.6 security branch is updated, and publishing (signed) lists of the form "if you have file X with md5 hash X_hash, replace it with file Y with md5 hash Y_hash" (where X is a local path, and Y is a URL)? I'd do this myself, except that I don't have any secure system to do this, and I'd be horrified if anyone would trust binary updates coming from me anyway. Colin "it can't really be that easy, can it?" Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message