Date:      Wed, 10 Jul 2002 11:16:11 -0400
From:      "Mike Jakubik" <mikej@trigger.net>
To:        "Fred Condo" <fred@condo.chico.ca.us>
Cc:        "Stable" <stable@FreeBSD.ORG>
Subject:   RE: sshd vs ports sshd
Message-ID:  <HPEHJFKBNEHFPAOFMEDDCEHLDNAA.mikej@trigger.net>
In-Reply-To: <20020710143306.GC70071@absinthe.condo.chico.ca.us>

In no way am I saying that curtail services like syslogd or inetd should be
taken out. But things like openssh, sendmail, certain libs, and basically
most software that is available and up to date via the ports. This kind of
software is very dynamic, and new releases are made very frequently, often
fixing crucial security bugs. In my experience, the ports distributions have
always been very reliable, and software from ports is much much (portupgrade
vs. build world) easier to maintain and more up to date rather than
something that is built in. The combination of the rock solid FreeBSD core +
server software via ports to me presents an easy to maintain, stable, and
secure system. If FreeBSD provided an option of a true base install, I would
be a happy camper :)

> -----Original Message-----
> From: Fred Condo [mailto:fred@condo.chico.ca.us]
> Sent: Wednesday, July 10, 2002 10:33 AM
> To: Mike Jakubik
> Cc: Stable; dinoex@FreeBSD.ORG
> Subject: Re: sshd vs ports sshd
>
>
> On Wed, Jul 10, 2002 at 10:08:42AM -0400, Mike Jakubik wrote:
> > There seems to be a conflict in the 'sshd' user of FreeBSD's built in sshd
> > and the ports version.
> >
> > passwd diffs:
> > 12a13
> > > sshd:(password):22:22::0:0:Secure Shell
> Daemon:/var/empty:/sbin/nologin
> > 21d21
> > < sshd:(password):22:22::0:0:sshd privilege
> > separation:/usr/local/empty:/nonexistent
> >
> > IMHO: This is exactly why server software should not be included in the base
> > distribution of FreeBSD.
> >
>
> I strenuously disagree. Should inetd be a port? Sendmail? What about
> syslogd or named? Although not all should be on by default, they are
> certainly essential to enough users that they should be part of the
> default installation.
>
> The ports collection, as useful and glorious as it is, is too unstable
> for software this critical. Bear in mind that the only tag on the
> ports collection is HEAD; there is no conservative RELENG_4_6 for the
> ports. The situation with sshd is an anomaly; basing global policy on
> this experience would be a Bad Thing.
>
> --
> Fred Condo - fred@condo.chico.ca.us
> The only normal people are the ones you don't know very well.
>     -- Joe Ancis
>

