On Oct 2, 2011, at 6:11 AM, Mike Brown wrote: > Chris Rees wrote: >> Generally users are expected to pay attention to what is updated-- I >> know this isn't always the easiest task, but blindly following >> instructions is not something that is generally advocated in FreeBSD. > > Generally, yes. For a security advisory, though, I don't think it's > unreasonable for the reader to expect that the solutions and workarounds are > exactly as described, with nothing left out or assumed that every system > administrator will know. Likewise, the advisory issuer surely expects that > the > instructions they provide *will* be very strictly followed. > > Based on my own experience, I did happen to realize that a reboot would > probably be needed, but since one procedure in the advisory said to reboot > and > the other didn't, it led me to wonder if maybe there was some magic in > freebsd-update that obviated the need for a reboot. Apparently there's not; > it > was just an oversight in the instructions. > > Also, sometimes things go haywire after a reboot, especially after extended > uptime and updates to the kernel or core libraries, so I'm in the habit of > only shutting down when necessary. So if I don't see "and then reboot" in an > update procedure - and most of the time, security updates don't require it - > then I don't do it. >
Hi Mike, I do see the point you are mentioning and I will discuss this the next time we (Security Team) are preparing an advisory. Thanks Remko -- /"\ With kind regards, | [email protected] \ / Remko Lodder | [email protected] X FreeBSD | http://www.evilcoder.org / \ The Power to Serve | Quis custodiet ipsos custodes _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
