Re: CDs with patched Apache?

From: Brett Glass (brett@lariat.org)
Date: 06/18/02


Date: Tue, 18 Jun 2002 09:45:52 -0600
To: Eric Anderson <anderson@centtech.com>, Sheldon Hearn <sheldonh@starjuice.net>
From: Brett Glass <brett@lariat.org>

At 07:05 AM 6/18/2002, Eric Anderson wrote:

>Maybe FreeBSD needs an "security update check" tool built into sysinstall, that
>will do something like:
>
>If system is being installed from the net, or installing packages from the net,
>automatically grab the update list, and show user possible security risks -
>possibly asking the user if they would like to upgrade their package/system
>right then.

Excellent idea!

>I think most commercial admins subscribe to the security lists, and will "do the
>right thing", but it's the other half of the FreeBSD users that I would worry
>about.

And even a professional admin can sometimes miss a notice. They're
not superhuman, y'know.

>There is a reason that almost all OS's are using this tactic to get updates and
>patches installed. If this was a seperate tool, it could be used to easily show
>the admin what packages are at risk on the box, without the need to manually
>match up pkg's installed versus packages at risk.

Not only OSes, but other products such as virus checkers, spyware checkers....
Even tax preparation programs. Nowadays, when one sells ANY product on CD,
it's a good bet that it will be stale upon arrival. This includes FreeBSD.
The installer should anticipate this, as the installers for commercial
products do.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message