Hello: Apologies is this is a bit off topic for pf, but I wanted to get the OpenBSD firewall gurus opinions. What is the preferred method for keeping an OpenBSD firewall boxen patched and the os upgraded?
It's generally not considered "best practice" to have compilers available on security sensitive applications. Patches can be compiled inot binaries on a secure box and copied to production boxen, but os upgrades can get a bit unweildy with this approach. So this seemsm to leave doing install and selecting upgrade option, and merging /etc.... Or one can cvsup the source tree and compile. The latter is what I usually do, as I feel pretty confident that OpenBSD isn't going to get hacked, but am curious as to what others think w.r.t. boxes that might be of special interest to the black hats... TIA-- -- Best regards, Ken Gunderson PGP Key-- 9F5179FD "As we enjoy great advantages from inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously." --Benjamin Franklin
