Re: FreeBSD Security Survey




On May 21, 2006, at 11:55 , Colin Percival wrote:

The Security Team has been concerned for some time by anecdotal reports
concerning the number of FreeBSD systems which are not being promptly
updated or are running FreeBSD releases which have passed their End of
Life dates and are no longer supported. In order to better understand
which FreeBSD versions are in use, how people are (or aren't) keeping
them updated, and why it seems so many systems are not being updated, I

I have a 6-STABLE box that is not going to be updated to 6.1 any time soon, because my personal mail will have to be offline while I do so --- including nuking and rebuilding all ports because the ports tree has been thrashed by multiple low level updates that affect a large percentage of the tree --- and it's only a 600MHz box so it will be offline for most of a week during that upgrade. And I'm uncertain how downgrading it to 6.0-RELEASE+security patches will complicate things (downgrading via cvsup/buildworld is not a supported option, last I checked). Granted, I probably should have stuck with 6.0-R --- but then, experience has shown me that the more reliable option is to wait a week or two after release and then install -STABLE.

In short: keeping FreeBSD up to date tends to be painful at best.

--
brandon s. allbery [linux,solaris,freebsd,perl] allbery@xxxxxxxxx
system administrator [openafs,heimdal,too many hats] allbery@xxxxxxxxxxx
electrical and computer engineering, carnegie mellon university KF8NH



_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


