Re: Re: [Q] distribution of patched binaries for security fixes.

From: Olivier Cortes (olive@deep-ocean.net)
Date: 07/26/01


Date: Thu, 26 Jul 2001 15:19:48 +0200
From: Olivier Cortes <olive@deep-ocean.net>
To: freebsd-security@freebsd.org

On Thu, Jul 26, 2001 at 04:36:57AM -0700, Kris Kennaway wrote:
> There are any number of tools you can use to distribute files: tar +
> scp, rsync, cvsup, 'make release' to make a full installation mirror,
> etc. If you want to automate the installation further you could
> create your own packages using pkg_create: this is very easy to do if
> you use the ports framework.

Here i make heavy use of rsync + scp tu update my web sites mirror.
i didn't thought about it to sync my systems...

saying that every BSD machine is in securelevel 2 with
[/usr]/[s]bin[/*] chflaged to schg, do you think that "pkg_create" is a
better solution than make world on every one ? (i've got 4 FreeBSD
4.3-STABLE).

[i remember some persons didn't agree with this protection method. do
you have any URL to point me to in order to discuss this subject
(again ?)]

with pkg_create, do i pack the binaries ? do i pack everything in the
dirs mentioned before ? how to trace only the changed binaries (the
cvsup log ?) ?

which method do you prefer ? (for now i make world everywhere...) is
there any URL or doc where some of them are already discussed (in
order not to spend your time on it) ?

regards,

---
Olivier Cortes
free software admin
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message