Date: Fri, 19 Apr 2002 20:50:16 -0400 (EDT) From: Peter Leftwich <Hostmaster@Video2Video.Com> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: Brett Glass <brett@lariat.org>, Doug Barton <DougB@FreeBSD.ORG>, FreeBSD Security LIST <security@FreeBSD.ORG> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip Message-ID: <20020419203037.S39174-100000@earl-grey.cloud9.net> In-Reply-To: <20020420022630.C88054@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 20 Apr 2002, Karsten W. Rohrbach wrote:
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
{My lord! Is this thread still alive?! The security@freebsd.org list is
for legitimate, authoritative notices only is it not...}
> Brett Glass(brett@lariat.org)@2002.04.19 16:12:33 +0000:
> > At 04:07 PM 4/19/2002, Doug Barton wrote:
> > >I long ago forgot what it was like to be a new FreeBSD user,
questions@freebsd.org
> > This is part of the problem here. We should care a lot about newcomers' experience, and respect the fact that no matter how bright they are they cannot learn everything at once. Expecting a new user to master CVSup is unreasonable.
Hi Karsten. The FreeBSD (and most *nix OS folk) community *does* care tons
about newcomers. It's the newcomers that make demands, snap judgments, and
ask endless questions without RTFM or RTFMOTT (... once told to) that are
disliked and as such scolded, often somewhat harshly but -- well, you gadda
make an example. :)
Besides, nobody expects anyone to "master" any command (cvsup for example).
That is unreasonable and everyone would agree; Are you confusing goals with
inferences? For example, Jane J. wishes to master (or mistress) the grep
command, so she posts to a list "How do I use grep?" Someone replies "man
grep" and Jane J. gets all fussy because this cold-hearted posting person
is somehow impeding her from becoming "Grep Expert of the Planet." *lol*
> brett, i'm sorry, but reading this thread made me think about the days when i started using freebsd and set up my first server. after being left alone at a root user prompt "# " i learned how to configure the stuff in /etc, that docs are in /usr/share/doc, how to install packages, and then how to cvsup (for building upt to date versions out of the ports tree).
I always log in as root - The thinking is... rm doesn't scare me one bit! :)
> in my personal opinion, i find the RPM or binary-only distribution mechanism very dangerous for users, because it is mainly the microsoft approach to hide software complexity behind an interface the user has to trust. i personally do not trust binary package systems (although i am forced to use them sometimes), nor do i blindly trust the ports tree. yes, i mean i _read_ the make files and view the output of the make process before installing a port the first time on one box. then i make a package out of it. that's all personal preference, yes.
Don't know practically nuttin about RPM, but if you are concerned about
security and customizable control of pkg_add, remember the following: You
can *always* just ftp the package (a tarball, or somecommandhere_3.1.1.tgz)
to your box, gunzip and untar the contents... edit them in your favorite
editor and then "make" or "make clean" or "make install" manually (you can
tell beyond a certain point in this sentence I know not about what I speak)!
> IMVHO, what would be a good thing[tm] for the source dist (/usr/src) is a Changelog file, containing the history of major fixes/enhancements to the currently installed sources. it would be very easy to write a little wrapper that saves /usr/src/Changelog (or maybe even a whole hierarchy of subsystem Changelogs) to a backup and then diffs out the changes after the update completed. this gives at least some overview about what has changed and where to look for potential breakage. it would be very good, if some of the committers could comment on that.
> regards,
> /k
No comment. (Uninformed.)
> > It's not that perl programmers are idiots, it's that the language rewards idiotic behavior in a way that no other language or tool has ever done. --Erik Naggum
What does this Chief Wiggum, er, Erik Naggum know about PERL anyways?!
_P_erl _E_eez _R_eallllly _L_ovable. :) By the way your quote brought to
the forward hanging, thin branch of thought on the tip of my cortical
cortex in the pink matter left of the grey matter, or something, this:
It's not that MACOS USERS are idiots, it's that the OS rewards idiotic
behavior in a way that no other OS or SOFTWARE [ever has]. --Peter Leftwich
(For the record, I think very highly of Apple *hardware*, it's the OS that
makes me feel very claustrophobic, and it's the software that, well, the
software that is nowhere to be found except in scant quantities across the
globe! *grins* So hurry up and write a FreeBSD for the G4 architecture!)
> KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
> http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
> GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
> My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
> Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Hope this has been as fun for y'all as it hath fer me.
--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020419203037.S39174-100000>