In the last episode (Feb 26), Jerry said: > I am being forced to use something besides FreeBSD - probably Susie > or Red Hat Linux for the base of a server system. The primary reason > given is that when security issues come along, FreeBSD has no way of > patching the running system, but rather requires rebuilding the > system - CVSUP, make, install, etc whereas Susie and Red Hat can be > patched on the fly. I presume this means kernel type security stuff > rather than concerns about third party software.
FreeBSD can be patched on the fly just as easily as Linux. In both cases: Kernel fixes require a reboot. Fixes to running deamons require them to be restarted. Fixes to shared libraries require all running programs using them to be restarted (usually simpler to just reboot). YAST/up2date/whatever may automatically restart daemons (I know apt-get in Debian does), but for something like a libc update, the fact that the file is delivered via an RPM versus a "make install" step doesn't save you from a reboot. > My question is: How do I respond to this? I have seen the word > patch used in security update messages - but didn't follow that path. > Is that real? Does it cover kernel things essentially on the fly or > is a 'time consuming' rebuild still needed? A patch lets you fix the problem listed in the security advisory without necessarily having to do a full buildworld. The SA-07:02.bind advisory, for example, gives instructions on how to patch, rebuild, install, and restart named. -- Dan Nelson [EMAIL PROTECTED] _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"