On Thu Jan 02, 2003 at 02:29:24PM -0800, Brook Humphrey wrote: > > Does this same thing happen if you install of the Mandrake-supplied 9.0 > > ISOs and then apply the updates after the fact? Obviously I have no > > idea what has changed with your ISOs and although I suspect the updates > > shouldn't break anything with the installer/installation, it isn't > > anything we test, for obvious reasons (time being the biggest factor). > > There is nothing else in updates that would have anything to do with > > DHCP, and the initscripts thing is a bit of a stretch, so I'm not > > convinced this is a problem from the security updates. Maybe drakconf > > has something to do with connection sharing; I don't know... I don't > > use connection sharing myself. > > To explain this better. I don't remember if I tried mandrake 9.0 and then > applied the updates but the stock 9.0 worked just fine as that is what I was > using till I used this updated iso image. I may have run the security updates > but i cant remember and I can test for this if you like. As for my iso it is > the stock mandrake 9.0 installer. All I did was add the current security > updates as of about a week ago to the installer and then ran gendistrib and > makecd.
If you can test if this happens with a plain 9.0 system with the updates applied post-install (don't install them during the installation, but try after you've booted into the computer using urpmi). That will help to narrow things down. Optionally, just try to upgrade the drakxtools package first and see if it breaks things; ie. setup connection sharing first, make sure it works, install the drakxtools update, then see if it's broken. It would help to know exactly what package is causing the problem. > I don't usually like to install the updates when they deal with anything net > related because it breaks some part of my network. for mandrake 8.1 and 8.2 > as noted below it would break only older Mac clients. they simply could not > access the internet anymore even with static ip's. This is just plain wierd. I really have no clue why it would affect only older Mac machines (what are they running? OS 9? OS 8? System 7?) > > I really would need some examples here. You're making a pretty general > > statement. All of my web servers run 8.2 and all run with current > > updates and there is nothing broken there. I've also got a few > > machines here running 9.0 and they are all current with updates. > > Granted, not all of these machines do "everything"... ie. each machine > > isn't a printer server, file server, web server, mail server, proxy > > server, ad naseum. You get the picture. I've got some regular > > web/mail/DNS/etc. servers that run with high uptimes, and desktop > > machines running 9.0 with no problems. They're not insecure default > > installs... they're defaults with updates. I haven't noticed anything > > broken, and if I did notice anything broken, rest assured they would be > > fixed rather quickly. > > > > So some examples here would be nice. I get very little feedback on > > security updates, so if there are some monumental problems, I'm not > > aware of them. If I'm not aware of them, I can't fix them. > > No the only real problems I've noticed are with connection sharing. Samba, > print, file, mail, web, ftp, squid, privoxy all worked just fine only > connection sharing gets broken witch is what baffles me even more about it. > And for me I do run a main server that does all those things. I run stuff on > other servers also but for me I'm running no big network and don't need > multiple servers for all these things. Unfortunately neither do most of my > clients as they are small companies. Well really if I do sell the next one it > will be only two that I have set up. One for my city (who went with redhat > and left me to install qmail for them) and the one I'm bidding on witch will > be for the local paper. Ok, so everything is pretty much solid except for connection sharing? Then I'm suspecting drakxtools as I think that package has the connection sharing stuff in it (someone correct me if I'm wrong). I don't have a large network either, but I think I may have a typical "corporate" network, if scaled down a bit. I've got a few machines running 8.2 in a DMZ, my LAN behind a hardware firewall with it's own servers (have an intranet website, MySQL, SMTP, FTP, etc.). Then I have a wireless network behind yet another firewall that does MAC-based filtering (although I run my home office in a smaller neighbourhood with mostly old people, I don't want people sitting outside my house to get access to the internet or my LAN). It's also a mixed environment with mostly Mandrake systems, but one dual-boot Windows machine and a few OS X-based systems that also dual-boot cooker or 8.2/PPC. No old Mac machines here, and no connection sharing tho. > > Ok, well, I don't use connection sharing so I don't know about that. > > Looking at the SRPMS in 9.0 and 8.2 updates, if it's broken in both as > > you indicate, I'm suspecting drakxtools, but correct me if I'm wrong. > > Not having used connection sharing, I'm not sure what package might be > > the culprit. Also, on a side note, the drak* tools updates are > > provided to me by the authors/developers. Those updates are not > > mine... I just rebuilt what I was given and tested it on my systems > > (not every conceivable scenario with them, however). If these problems > > were reported to the developers, then they never sent me anything to > > fix those packages with. > > > > But I find it strange that this is the first I'm hearing of these > > (IIRC). > Yes I guess that could be with drakx. Maybe why you have not heard is because > connection sharing seems to be used mostly by home users. I find it popular > with some of my clients because they want a desktop to look at. I guess it's > a comfort thing but they like it when it more or less acts like a windows > box. If they want a firewall they get a 300$ linksys and configure that > through the web interface. So I have not seen a market in my area at all for > snf or mnf. I do understand Vincent about not being able to test everything. > I have talked to many times in the past about joining the secteam and I still > have the signup form maybe I should go ahead and send it over if you still > need or want the help. If you can commit the time (and I'm quite serious about that... I only want people who can pull their weight), then by all means fax the form to me. I'll send you the fax number in a separate email. I also know what you mean about SNF/MNF... for the "un-initiated", it might seem to be simpler to buy a hardware appliance. I know I do that for myself; it's just one less thing to maintain. =) However, I also know enough not to rely 100% on the hardware firewalls, no matter how good they sound (unless you get into the more expensive ones). Anyways, the fact that connection sharing is used primarily by home users shouldn't have any bearing on reports coming back to MandrakeSoft regarding bugs. We don't want/expect bug reports from just corporate users. > > You need to narrow down what is causing the problem. Is it, in both > > cases, just this connection sharing business? Is this what's causing > > your DHCP problem do you think? > > I think I covered this above but yes it's only with connection sharing. Ok... that is a start. I'd really like to see this fixed. > > I don't think this is the reason "Corporate America" is using RedHat or > > SuSE as opposed to Mandrake. Those distros have had their fair share > > of "breakage" due to updates as well. These things just *happen*. It > > might be a little less with RH and SuSE however, but their (paid) > > security teams (possibly QA as well) are probably 5x the size of ours, > > which makes a difference. I'm not using that as a crutch or excuse, > > just plain fact. I think the big difference here is not in the quality > > of updates but that RH and SuSE are more server-oriented than Mandrake > > is. They have server products; we don't (other than SNF/MNF but those > > are more appliance-based, not server-based). > > I know but I keep talking to others who do this for a living on a much larger > scale and I always pitch mandrake to them but I get allot of well ibm doesn't > support it so we put redhat on it kinda garbage. I know quite a few freelance > network admins around the world. IBM supports RH? Or RH supports RH? I think it's the latter. IBM may advertise their servers as being supportive *of* RH, basically implying that RH works on them. I know for fact that the Netfinity servers (not sure of the model, but I can find out for you), do run Mandrake 8.2 at least, and run it well. My father, at his work, had two Netfinity servers running Mandrake to get company email received on them, scanned, and fired off to an Exchange server internally. > > We welcome your help! I can always use another person or two (for > > obvious reasons, the volunteer secteam has to be a small but dedicated > > group) in secteam. If you have the ability/time/desire to test updates > > on older distribs, please offer your services. I would be more than > > happy to consider those folks who meet the requirements (secteam is not > > like cooker by any means!). > > Thanks Vincent. I offered above before I read this. Just let me know were to > fax the secteam form to. I will. > > I'm also open to suggestions on better bug reporting for updates. If > > sending an email to [EMAIL PROTECTED] is too difficult to get > > a hold of me directly, then I welcome other suggestions for how a > > person should report these bugs. Due to time constraints, I don't read > > Forum and I don't live on MandrakeExpert, so any problems reported > > there either need to be forwarded to me or cc'd to me in the first > > place. What else can be done? > > > > > Thanks for the time. > > > > Thanks for the comments. I do try to make the updates as "perfect" as > > possible, and if there are problems with them, they do need to be > > corrected and I try to be as responsive to legitimate issues as > > possible. > > I know Vincent that is why I was trying to state above that I like your work. > Maybe this a bit of frustration about many things for me. I'm sorry if it > came out wrong or if it sounded harsh. I really try to support this distro > allot mostly with my own money. As stated I don't get even the little > network jobs very often but I sure do hate talking to others and getting > redhat thrown back in my face all the time. I like this distro thats why I'm > here. I really want to help make it better. Kinda what frustrated me a little > was in my first email I offered to help and got no response. I mean I was > offering. Well, it gets frustrating from both ends I suspect. Users may have issues with quality problems in some packages and instead of reporting it to me or someone else at MandrakeSoft, they report it to their friends and peers instead. This doesn't really help to improve the updates. =) I don't know if opening up another Bugzilla/Anthill interface for old distribs is the answer or not. I believe that QA Bugzilla is intended entirely for cooker, and as a result posting old bugs there probably isn't a good idea. Maybe something for old distribs is required, I don't know. Maybe a forum on Club or something with a moderator who can forward pertinent/valid problems to me. Or an addition to MandrakeExpert to report bugs. Not sure what the best way for this would be, or maybe increasing the exposure of the [EMAIL PROTECTED] address to let people know it's not only for security problems. Something to think about at any rate. > Anyway I would like to help. Thanks. Thank *you* for wanting to help. =) My fax number is on it's way to you directly. -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg84923/pgp00000.pgp
Description: PGP signature
