That leaves just unpackaged base as FreeBSD's remaining audit weakness.

Hi, I am happy that I can reduce your worry factor a bit ;-)

Can you share what the audit weakness is? freebsd-update cron checks
whether or not an update is available and then emails you. If you run
-RELEASE, then that means that either an EN or SA had been released.

Can you run freebsd-update on a -RELEASE system installed and maintained
with buildworld/buildkernel/installkernel/installworld?

Though it's been more than a year since the last time I tested
freebsd-update, on VirtualBox VMs, it resulted in too many bricked
systems to rely on.  That may have changed but it would still be better
to build a packaged base or have reproducible builds as lighter-weight
solutions to the base audit issue.

Roger
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"