Re: About the openssl hole

From: Darren Pilgrim (dmp@pantherdragon.org)
Date: 07/31/02


Date: Wed, 31 Jul 2002 14:40:33 -0700
From: Darren Pilgrim <dmp@pantherdragon.org>
To: Michael Sharp <freebsd@ec.rr.com>

Michael Sharp wrote:
>
> Regarding using a port to fix a core issue. I so totally disagree.
>
> Each port/package that is installed on a FreeBSD box degrades the security
> profile in small increments. My thoughts, use core as much as you can,
> and use ports sparingly. I had 4 services exposed to the net that relied
> on the bad OpenSSL. I chose to wait out the core team to fix things. Yes,
> my website might have been down for 8 hrs, mail as well.. etc... but so
> what? However, I'm not a 1000 hit a day business either so I guess one
> could argue the wait for core/install a port issue there. But I have found
> that core typically goes right to work on an issue, and a fix is out within
> hrs.

This is quite true. However, the OpenSSH hoopla was proof that you
can't discard using ports like this across the board. It's also proof
that big bugs make big panic, which causes people to make mistakes (like
fixing an unbroken OpenSSH). Now that openssl has been patched in
stable, I will be cvsup'ing and rebuilding my world. I also had almost
no downtime while I rebuilt my third-party stuff after going to v0.9.6e
via ports. IMO, using ports like this is just like using patches on
the base. Patches work well, they do the job and can mean getting
something fixed a lot sooner than it would if you waited for core to
merge it into the tree. Use patches too much, though, and you're going
to make a mess of your system.

This is why my machine is going to be doing buildworld while I'm at
school tonight.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


