From owner-freebsd-security Fri Apr 19 17:50:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4])
        by hub.freebsd.org (Postfix) with ESMTP id A72E337B419;
        Fri, 19 Apr 2002 17:50:16 -0700 (PDT)
Received: from earl-grey.cloud9.net (earl-grey.cloud9.net [168.100.1.1])
        by russian-caravan.cloud9.net (Postfix) with ESMTP id 1799428C34;
        Fri, 19 Apr 2002 20:50:16 -0400 (EDT)
Date: Fri, 19 Apr 2002 20:50:16 -0400 (EDT)
From: Peter Leftwich
To: "Karsten W. Rohrbach"
Cc: Brett Glass, Doug Barton, FreeBSD Security LIST
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
In-Reply-To: <20020420022630.C88054@mail.webmonster.de>
Message-ID: <20020419203037.S39174-100000@earl-grey.cloud9.net>
Organization: Video2Video Services - http://Www.Video2Video.Com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 20 Apr 2002, Karsten W. Rohrbach wrote:
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip

{My lord! Is this thread still alive?! The security@freebsd.org list is
for legitimate, authoritative notices only is it not...}

> Brett Glass(brett@lariat.org)@2002.04.19 16:12:33 +0000:
> > At 04:07 PM 4/19/2002, Doug Barton wrote:
> > >I long ago forgot what it was like to be a new FreeBSD user, questions@freebsd.org
> > This is part of the problem here. We should care a lot about
> > newcomers' experience, and respect the fact that no matter how
> > bright they are they cannot learn everything at once. Expecting a
> > new user to master CVSup is unreasonable.

Hi Karsten. The FreeBSD (and most *nix OS folk) community *does* care
tons about newcomers. It's the newcomers that make demands, snap
judgments, and ask endless questions without RTFM or RTFMOTT (...
once told to) that are disliked and as such scolded, often somewhat
harshly but -- well, you gadda make an example. :) Besides, nobody
expects anyone to "master" any command (cvsup for example). That is
unreasonable and everyone would agree; Are you confusing goals with
inferences? For example, Jane J. wishes to master (or mistress) the grep
command, so she posts to a list "How do I use grep?" Someone replies
"man grep" and Jane J. gets all fussy because this cold-hearted posting
person is somehow impeding her from becoming "Grep Expert of the
Planet." *lol*

> brett, i'm sorry, but reading this thread made me think about the days
> when i started using freebsd and set up my first server. after being
> left alone at a root user prompt "# " i learned how to configure the
> stuff in /etc, that docs are in /usr/share/doc, how to install
> packages, and then how to cvsup (for building up to date versions out
> of the ports tree).

I always log in as root - The thinking is... rm doesn't scare me one
bit! :)

> in my personal opinion, i find the RPM or binary-only distribution
> mechanism very dangerous for users, because it is mainly the microsoft
> approach to hide software complexity behind an interface the user has
> to trust. i personally do not trust binary package systems (although i
> am forced to use them sometimes), nor do i blindly trust the ports
> tree. yes, i mean i _read_ the make files and view the output of the
> make process before installing a port the first time on one box. then
> i make a package out of it. that's all personal preference, yes.

Don't know practically nuttin about RPM, but if you are concerned about
security and customizable control of pkg_add, remember the following:
You can *always* just ftp the package (a tarball, or
somecommandhere_3.1.1.tgz) to your box, gunzip and untar the contents...
edit them in your favorite editor and then "make" or "make clean" or
"make install" manually (you can tell beyond a certain point in this
sentence I know not about what I speak)!

> IMVHO, what would be a good thing[tm] for the source dist (/usr/src)
> is a Changelog file, containing the history of major
> fixes/enhancements to the currently installed sources. it would be
> very easy to write a little wrapper that saves /usr/src/Changelog (or
> maybe even a whole hierarchy of subsystem Changelogs) to a backup and
> then diffs out the changes after the update completed. this gives at
> least some overview about what has changed and where to look for
> potential breakage. it would be very good, if some of the committers
> could comment on that.
> regards,
> /k

No comment. (Uninformed.)

> > It's not that perl programmers are idiots, it's that the language
> > rewards idiotic behavior in a way that no other language or tool has
> > ever done. --Erik Naggum

What does this Chief Wiggum, er, Erik Naggum know about PERL anyways?!
_P_erl _E_eez _R_eallllly _L_ovable. :) By the way your quote brought to
the forward hanging, thin branch of thought on the tip of my cortical
cortex in the pink matter left of the grey matter, or something, this:

It's not that MACOS USERS are idiots, it's that the OS rewards idiotic
behavior in a way that no other OS or SOFTWARE [ever has].
--Peter Leftwich

(For the record, I think very highly of Apple *hardware*, it's the OS
that makes me feel very claustrophobic, and it's the software that,
well, the software that is nowhere to be found except in scant
quantities across the globe! *grins* So hurry up and write a FreeBSD for
the G4 architecture!)

> KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
> http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
> GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
> My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
> Please do not remove my address from To: and Cc: fields in mailing lists. 10x

Hope this has been as fun for y'all as it hath fer me.

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message