Re: Security Announcements & Incremental Patches

From: Kris Kennaway (kris@obsecurity.org)
Date: 04/23/01


Date: Sun, 22 Apr 2001 19:43:29 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: netch@segfault.kiev.ua


On Sun, Apr 22, 2001 at 08:21:44PM +0300, Valentin Nechayev wrote:

> It is quite simple for any qualified FreeBSD admin, including FreeBSD
> FTP site team, to make patched binaries for all supported releases for
> any security advisory and put them for free download for such admins who
> have bad compiling skills; but it is not provided now, and anyone should

No, it's not simple. You have to make sure you include all
dependencies of the change, everything the change depends on
(e.g. libraries with changes that are required by the updated
utility), and you have to test it in a variety of environments to make
sure it works as expected. It's relatively simple to make a package
from random pieces; it's quite difficult to test it and make sure that
it works.

More to the point, it takes additional time, which is always the most
scarce resource in volunteer projects. Are you willing to help test
binary security packages by reinstalling your system to a clean
installation of 4.3-RELEASE, then applying and testing the package?

Having said this, the RELENG_4_3 release branch is a step towards
allowing us to do this (since it's a known, constant base which is
expected to have few changes and therefore easy to manage
dependencies); there's the possibility of generating binary packages
for users of -RELEASE versions of FreeBSD starting with 4.3 only.

Kris


