From owner-freebsd-security Thu Apr 18 18:26:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from rain.macguire.net (sense-sea-MegaSub-1-125.oz.net [216.39.144.125]) by hub.freebsd.org (Postfix) with ESMTP id 71A3737B405 for ; Thu, 18 Apr 2002 18:26:40 -0700 (PDT) Received: (from roo@localhost) by rain.macguire.net (8.11.6/8.11.6) id g3J1OgG38989; Thu, 18 Apr 2002 18:24:42 -0700 (PDT) (envelope-from roo) Date: Thu, 18 Apr 2002 18:24:42 -0700 From: Benjamin Krueger To: Nate Williams Cc: Benjamin Krueger , "Karsten W. Rohrbach" , Jeff Palmer , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020418182442.H23267@rain.macguire.net> References: <4.3.2.7.2.20020417230144.032ad390@nospam.lariat.org> <200204171923.g3HJNga58899@freefall.freebsd.org> <4.3.2.7.2.20020418095356.024354c0@nospam.lariat.org> <012901c1e725$da237e90$0286a8c0@jeffrey> <20020418154338.D23267@rain.macguire.net> <20020419014351.M60925@mail.webmonster.de> <20020418171454.E23267@rain.macguire.net> <15551.28671.448890.421578@caddis.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15551.28671.448890.421578@caddis.yogotech.com>; from nate@yogotech.com on Thu, Apr 18, 2002 at 07:16:47PM -0600 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Nate Williams (nate@yogotech.com) [020418 18:16]: > > > > Like it or not, Brett has raised a concern which is entirely valid and echoed > > > > by many system administrators. ( I have a feeling the number is not small ) > > > > > > but you are missing the point that _administrators_ have the option (and > > > the knowledge) to upgrade from source, using a builder system, just like > > > most freebsd admins with larger installations do. > > > > > Indeed they do. Doing this for 1000 individual servers, even when > > scripted, is an incredible task, and not very feasible. > > Doing *anything* to 1000 individual servers running ANY OS is an > incredible tasks, regardless of what is being done. Why is FreeBSD > being singled out here? Because keeping an internal build mechanism is far more complex and costly than keeping a set of scripts that push out patches. > > Quite a few shops do have the luxery of being able to maintain and release > > internal builds. Quite a few more do not. Either way, its still a good > > opportunity for someone who can. =) > > Any shop that has a significant # of servers that I've worked with takes > the time to do internal builds using a standard set of hardware. > Otherwise, you spend more time chasing your tail than in solving > problems. (Again, this issue is orthogonal to the issue of which > hardware/software is being used). Again, verification is not quite the task that building an OS is. > > Nate -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message