Wilko Bulte wrote:
On Sat, Dec 17, 2005 at 01:54:34PM -0800, Joe Rhett wrote..
On Fri, Dec 16, 2005 at 12:04:05AM -0700, Scott Long wrote:
There will be three FreeBSD 6 releases in 2006.
While this is nice, may I suggest that it is time to put aside/delay one
release cycle and come up with a binary update mechanism supported well by
the OS? Increasing the speed of releases is good. Increasing the number
of deployed systems out of date because there are no easy binary upgrade
mechanisms is bad.
It has been bad, it's getting worse.
So, when will you fix it? Or hire someone to fix it? FreeBSD after
all is mostly a volunteer operation.
I agree. And after all, tracking a security branch isn't too difficult,
but the most people think that they have to do a complete "make
buildworld" after a security advisory, but this isn't true. For example
there was that cvsbug issue in September:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
One can read here:
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs/cvsbug
# make obj && make depend && make && make install
# cd /usr/src/gnu/usr.bin/send-pr
# make obj && make depend && make && make install
Is that difficult? I don't think so. No reboot required and it doesn't
take more than 5 minutes even on a slower machine. Only the
vulnerabilities in the kernel are problematic for servers, since they
require a reboot. I think I'll submit a PR with a patch to clarify this
in Handbook. Do you consider this useful?
Regards,
Gabor Kovesdan
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
