On Mon, 29 May 2006 13:35:39 +0100
Craig Edwards <[EMAIL PROTECTED]> wrote:
> I was thinking more of the time-to-repair of a broken install,
> rather than a broken python or perl program, for example if your
> perl site-perl folder gets damaged, or your python compiled libs
> become ABI 'incompati
Quoth Garance A Drosihn on Thu, May 25, 2006 at 15:19:20 -0400
> This thread started because *Colin* set up a security
> survey. He *already* realizes that the project needs to
> do something so that more people are willing and able to
> apply security fixes once the project comes up with
> them.
I was thinking more of the time-to-repair of a broken install, rather
than a broken python or perl program, for example if your perl site-perl
folder gets damaged, or your python compiled libs become ABI
'incompatible' somehow (say due to a g++ upgrade?).
In this case, both python *and* perl a
On Wed, May 24, 2006 at 11:20:08AM +0100, Craig Edwards wrote:
> I agree, however, I do not like the gentoo dependency upon python for
> its package management system. It has not broken on me yet, however I
> can imagine if it does it would be a nightmare to fix, as python is
> not a trivial progra
Garance A Drosihn wrote:
> At 2:45 PM -0400 5/24/06, Allen wrote:
>> Did you just tell him to get another computer for each arch
>> to have as a build machine???
>>
>> Being a broke college student I don't think that's something
>> I'd ever do to in
Allen wrote:
>>
>
>
> Did you just tell him to get another computer for each arch to have as a
> build machine???
Yes I did...
>
> Being a broke college student I don't think that's something I'd ever do to
> install updates on my boxes.
> I c
At 9:28 AM +0100 5/25/06, Yann Golanski wrote:
Quoth Garance A Drosihn on Wed, May 24, 2006 at 15:40:23 -0400
>> The answer is: build host + jails for a testing environment...
> >> This'll reduce your actual downtime.
> >
> > Did you just tell him to get another computer for
> > each arch
Quoth Garance A Drosihn on Wed, May 24, 2006 at 15:40:23 -0400
> >> The answer is: build host + jails for a testing environment...
> >> This'll reduce your actual downtime.
> >Did you just tell him to get another computer for each arch
> >to have as a build machine???
> >
> >Being a broke college s
On Wed, 24 May 2006 15:40:23 -0400
Garance A Drosihn <[EMAIL PROTECTED]> wrote:
> At 2:45 PM -0400 5/24/06, Allen wrote:
> > >
> > > It really depends on how many machines you have, on how
> > > many different tasks they have and on which architectures
> > > you're running.
> > >
> >> The answ
At 2:45 PM -0400 5/24/06, Allen wrote:
>
> It really depends on how many machines you have, on how
> many different tasks they have and on which architectures
> you're running.
>
The answer is: build host + jails for a testing environment...
This'll reduce your actual downtime.
Did you j
On Wed, 24 May 2006 10:33:07 +0200
Marian Hettwer <[EMAIL PROTECTED]> wrote:
> Hej Yann,
>
> Yann Golanski wrote:
> > Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
> >
> >>Peter Jeremy wrote:
> >>
> >>>One of the major problems wi
On Wed, 24 May 2006, Craig Edwards wrote:
Come to that, gentoo's emerge system is pretty good, having learnt a lot
from FreeBSD's ports system, and then gone a few steps further.
Andrew
I agree, however, I do not like the gentoo dependency upon python for its
package management system. It
Come to that, gentoo's emerge system is pretty good, having learnt a lot
from FreeBSD's ports system, and then gone a few steps further.
Andrew
I agree, however, I do not like the gentoo dependency upon python for
its package management system. It has not broken on me yet, however I
can ima
On Wed, 24 May 2006, Constantine A. Murenin wrote:
On 23/05/06, Roger Marquis <[EMAIL PROTECTED]> wrote:
All that said FreeBSD's ports are still the reference
implementation, head-and-shoulders better than up2date, yum, rpm,
apt-get, or anything else out there.
I guess you haven't looked at O
On 23/05/06, Roger Marquis <[EMAIL PROTECTED]> wrote:
All that said FreeBSD's ports are still the reference
implementation, head-and-shoulders better than up2date, yum, rpm,
apt-get, or anything else out there.
I guess you haven't looked at OpenBSD's branch of FreeBSD's
pkg_add(1), where they'v
Hej Yann,
Yann Golanski wrote:
> Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
>
>>Peter Jeremy wrote:
>>
>>>One of the major problems with unattended/automatic updating is
>>>that it is hard to filter them.
>>
>>It's hard to make a good
On Tue, 2006-May-23 08:53:00 -0700, Roger Marquis wrote:
>Peter Jeremy wrote:
>>One of the major problems with unattended/automatic updating is
>>that it is hard to filter them.
Actually, I didn't.
--
Peter Jeremy
___
freebsd-security@freebsd.org maili
Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
> Peter Jeremy wrote:
> >One of the major problems with unattended/automatic updating is
> >that it is hard to filter them.
> It's hard to make a good case for automatic updates when manual
> updates are so easy.
So, here is a question:
Peter Jeremy wrote:
One of the major problems with unattended/automatic updating is
that it is hard to filter them.
It's hard to make a good case for automatic updates when manual
updates are so easy. The main area this could be improved on would
be in a daily report, emailed to root, detailing
> If you are using portupgrade, you can use /usr/local/etc/pkgtools.conf
>
> MAKE_ARGS = {
> 'databases/mysql41-*' => [
> 'WITH_CHARSET=latin2',
> 'WITH_XCHARSET=all',
> 'WITH_OPENSSL=yes',
> 'OVERWRITE_DB=no',
> ],
> }
>
> AFTERINSTALL = {
Clemens Renner wrote:
In a different corner is portupgrade which basically constitutes a
highly usable tool but has minor annoyances that really complicate
things. For example, when upgrading MySQL -- even with mysql_enable=YES
in rc.conf, portupgrade will stop the server but not restart it. Is
[EMAIL PROTECTED] wrote:
Might be wrong, but anything "auto-magic" sounds like not a very good
idea, saves time probably in the short term, but I'm not sure that's
what you want...
Notwithstanding the dangers, I suspect it is an idea
whose time has come - for security as well. It is
what ha
05:23:50 1000
To: FreeBSD User
Subject: Re: FreeBSD Security Survey
On Mon, 2006-May-22 15:20:11 -, FreeBSD User wrote:
> Since time is always an issue, if the system could by default
> (without an admin having to write scripts and/or apps, or manually
> update) update
On Tue, May 23, 2006 at 04:39:38AM +0200 I heard the voice of
Clemens Renner, and lo! it spake thus:
>
> For example, when upgrading MySQL -- even with mysql_enable=YES in
> rc.conf, portupgrade will stop the server but not restart it. Is
> there any plausible reason for this behaviour?
In the inte
Finally, it only takes one security failure in the update process for
someone undesirable to "own" all the FreeBSD machines that have been
left in this default mode. Despite the best efforts of FreeBSD
developers, FreeBSD will always contain bugs and some of them will
be security holes. Any au
As an administrator, time is always an issue. FreeBSD has proven
itself time and again. Having said that, one "wish" would be to have
a default/built-in security update mechanism.
Since time is always an issue, if the system could by default
(without an admin having to write scri
On Tue, 23 May 2006 05:23:50 +1000
Peter Jeremy <[EMAIL PROTECTED]> wrote:
>
> I think it would substantially reduce the reliability and security.
As opposed to people not installing patches in the first place because it takes
too long?
-Allen
On Mon, 2006-May-22 15:20:11 -, FreeBSD User wrote:
> Since time is always an issue, if the system could by default
> (without an admin having to write scripts and/or apps, or manually
> update) update itself for both system and installed ports/packages, it
> likely would reduce securi
As an administrator, time is always an issue. FreeBSD has proven
itself time and again. Having said that, one "wish" would be to have
a default/built-in security update mechanism.
Since time is always an issue, if the system could by default
(without an admin having to write scri
On Mon, May 22, 2006 at 12:06:54AM -0400, Brandon S. Allbery KF8NH wrote:
>
> On May 21, 2006, at 11:55 , Colin Percival wrote:
>
> >The Security Team has been concerned for some time by anecdotal reports
> >concerning the number of FreeBSD systems which are not being promptly
> >updated or
On Mon, 22 May 2006 11:40:16 +0200
Marian Hettwer <[EMAIL PROTECTED]> wrote:
> > ports tree in the process, the end result is a bit more undefined. One
> > thing that I wish for is that the ports tree would branch for releases,
> > and that those branches would get security updates. I know that
On Sun, 2006-05-21 at 23:44 -0600, Scott Long wrote:
> ports tree in the process, the end result is a bit more undefined. One
> thing that I wish for is that the ports tree would branch for releases,
> and that those branches would get security updates. I know that this
> would involve an expone
Hi,
We don't use binary update as we use custom kernels.
We're using portaudit for security flaw with the installed ports but I don't
think there is any equivalent for the base and kernel? I'm subscribed and
I'm monitoring the FreeBSD Security Advisories mailing-list but there is (as
far as I kn
On Monday 22 May 2006 01:44, Scott Long wrote:
> Brent Casavant wrote:
> > On Sun, 21 May 2006, Colin Percival wrote:
> >>In order to better understand
> >>which FreeBSD versions are in use, how people are (or aren't)
> >> keeping them updated, and why it seems so many systems are not
> >> being up
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
In order to better understand
which FreeBSD versions are in use, how people are (or aren't) keeping
them updated, and why it seems so many systems are not being updated, I
have put together a short survey of 12 questions.
I a
On Sun, 21 May 2006, Colin Percival wrote:
> In order to better understand
> which FreeBSD versions are in use, how people are (or aren't) keeping
> them updated, and why it seems so many systems are not being updated, I
> have put together a short survey of 12 questions.
I applaud this survey, h
On May 21, 2006, at 20:55, Colin Percival wrote:
If you administrate system(s) running FreeBSD (in the broad sense of "are
responsible for keeping system(s) secure and up to date"), please visit
http://people.freebsd.org/~cperciva/survey.html
and complete the survey below before May 31st,
On May 21, 2006, at 11:55 , Colin Percival wrote:
The Security Team has been concerned for some time by anecdotal reports
concerning the number of FreeBSD systems which are not being promptly
updated or are running FreeBSD releases which have passed their End of
Life dates and are no longer s
On Mon, 22 May 2006 12:43:47 +0200
Marian Hettwer <[EMAIL PROTECTED]> wrote:
> Hi Ion,
>
> Ion-Mihai IOnut Tetcu wrote:
>
> >>I have to agree on that statement. I would love to see branched ports.
> >>This can get very important on servers, we
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
So, in short, that's why *I* rarely update ports for security reasons.
There are steps that could be taken at the port maintenance level that
would work well for my particular case, however that's beyond the
scope of the survey.
Hi Ion,
Ion-Mihai IOnut Tetcu wrote:
>>I have to agree on that statement. I would love to see branched ports.
>>This can get very important on servers, where you don't want to have
>>major upgrades, but only security updates.
>>I guess it's a question
My experience is similar to that of others, with one
variation - I've never been able to successfully install
from packages, and at best have found that half way
through, some port gets dragged in, and I've gradually
been sucked into replacing everything with ports.
( Which is fine, for the most
Hi there,
Scott Long wrote:
> Brent Casavant wrote:
>
>> While I find ports to be the single most useful feature of the FreeBSD
>> experience, and can't thank contributors enough for the efforts, I on
>> the other hand find updating my installed por
43 matches