From owner-freebsd-hackers  Fri Jun 21  7:51:42 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from tinker.exit.com (tinker.exit.com [206.223.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id D9AD037B41F
	for <freebsd-hackers@FreeBSD.ORG>; Fri, 21 Jun 2002 07:51:26 -0700 (PDT)
Received: from realtime.exit.com (realtime [206.223.0.5])
	by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g5LEpF48071608;
	Fri, 21 Jun 2002 07:51:15 -0700 (PDT)
	(envelope-from frank@exit.com)
Received: from realtime.exit.com (localhost [127.0.0.1])
	by realtime.exit.com (8.12.3/8.12.2) with ESMTP id g5LEpEac016471;
	Fri, 21 Jun 2002 07:51:14 -0700 (PDT)
	(envelope-from frank@realtime.exit.com)
Received: (from frank@localhost)
	by realtime.exit.com (8.12.3/8.12.3/Submit) id g5LEpDYL016466;
	Fri, 21 Jun 2002 07:51:13 -0700 (PDT)
From: Frank Mayhar <frank@exit.com>
Message-Id: <200206211451.g5LEpDYL016466@realtime.exit.com>
Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ?
In-Reply-To: <20020621004953.A80059@xor.obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Date: Fri, 21 Jun 2002 07:51:13 -0700 (PDT)
Cc: Frank Mayhar <frank@exit.com>,
	Patrick Thomas <root@utility.clubscholarship.com>,
	freebsd-hackers@FreeBSD.ORG
Reply-To: frank@exit.com
X-Copyright0: Copyright 2002 Frank Mayhar.  All Rights Reserved.
X-Copyright1: Permission granted for electronic reproduction as Usenet News or
 email only.
X-Mailer: ELM [version 2.4ME+ PL98b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:
> On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote:
> > Kris Kennaway wrote:
> > > Surely it's easier to just upgrade the apache port, instead of
> > > recompiling your kernel and the entire OS.
> > Not always.  (I'm running an old version of Covalent Raven SSL and I'm
> > loathe to upgrade.  "If it works, don't fix it" and there are only so
> > many hours in a day.)
> The exact same argument can be made for not upgrading the OS, which is
> a much larger endeavour and can potentially screw things up much
> worse.

Yep.  Which is why the only times I've upgraded the kernel on my production
boxes have been when there is a critical fix that I _had_ to install, usually
a security fix.
-- 
Frank Mayhar frank@exit.com	http://www.exit.com/
Exit Consulting                 http://www.gpsclock.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message