From Scott Long [EMAIL PROTECTED], Sun, May 21, 2006 at 11:44:27PM -0600:
I share this frustration with you. I was once told that the pain in
upgrading is due largely to a somewhat invisible difference between
installing a pre-compiled package, and building+installing a port. In
theory, if
On 5/22/06, Colin Percival [EMAIL PROTECTED] wrote:
If you administrate system(s) running FreeBSD (in the broad sense of are
responsible for keeping system(s) secure and up to date), please visit
http://people.freebsd.org/~cperciva/survey.html
and complete the survey below before May 31st,
On May 21, 2006, at 22:41, David Nugent wrote:
A good failover strategy comes into play here.
If you have one, then taking a single production machine off-line
for a short period should be no big deal, even routine, and should
not even be noticed by users if done correctly. This should
On Monday 22 May 2006 01:44, Scott Long wrote:
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
In order to better understand
which FreeBSD versions are in use, how people are (or aren't)
keeping them updated, and why it seems so many systems are not
being updated, I have
At 08:09 PM 5/21/2006, Kris Kennaway wrote:
We did ourselves a big disservice by not pointing out clearly in the
todo list that most of the listed problems are VERY RARE and are
unlikely to affect most/all users. In future we're going to have to
be clearer about that, because you're not the
Hi,
We don't use binary update as we use custom kernels.
We're using portaudit for security flaw with the installed ports but I don't
think there is any equivalent for the base and kernel? I'm subscribed and
I'm monitoring the FreeBSD Security Advisories mailing-list but there is (as
far as I
On Sun, 2006-05-21 at 23:44 -0600, Scott Long wrote:
ports tree in the process, the end result is a bit more undefined. One
thing that I wish for is that the ports tree would branch for releases,
and that those branches would get security updates. I know that this
would involve an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi there,
Scott Long wrote:
Brent Casavant wrote:
While I find ports to be the single most useful feature of the FreeBSD
experience, and can't thank contributors enough for the efforts, I on
the other hand find updating my installed ports
ports tree in the process, the end result is a bit more undefined. One
thing that I wish for is that the ports tree would branch for releases,
and that those branches would get security updates. I know that this
would involve an exponentially larger amount of effort from the ports
team, and
Scott Long [EMAIL PROTECTED] writes:
I share this frustration with you. I was once told that the pain in
upgrading is due largely to a somewhat invisible difference between
installing a pre-compiled package, and building+installing a port. In
theory, if you stick to one method or the other,
Scott Long [EMAIL PROTECTED] writes:
I share this frustration with you. I was once told that the pain in
upgrading is due largely to a somewhat invisible difference between
installing a pre-compiled package, and building+installing a port.
Well, the last time I saw this as a major issue was
Le 22/05/2006 11:43, Michel Talon a ?crit:
OpenBSD doesn't have next to 15000 ports. In my opinion, this richness is
one of the main assets of FreeBSD, and by necessity implies a great difficulty
to maintain everything in a coherent and secure state. You have only to
contemplate the years
On Mon, 22 May 2006 11:40:16 +0200
Marian Hettwer [EMAIL PROTECTED] wrote:
ports tree in the process, the end result is a bit more undefined. One
thing that I wish for is that the ports tree would branch for releases,
and that those branches would get security updates. I know that this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ion,
Ion-Mihai IOnut Tetcu wrote:
I have to agree on that statement. I would love to see branched ports.
This can get very important on servers, were you don't want to have
major upgrades, but only security updates.
I guess it's a question of
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
So, in short, that's why *I* rarely update ports for security reasons.
There are steps that could be taken at the port maintenance level that
would work well for my particular case, however that's beyond the
scope of the
On Mon, 22 May 2006 12:43:47 +0200
Marian Hettwer [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ion,
Ion-Mihai IOnut Tetcu wrote:
I have to agree on that statement. I would love to see branched ports.
This can get very important on servers, were you don't
On a 6-stable machine with sufficient RAM, i.e. no swapping and 215MB
free in 'top', I'm seeing ..
[EMAIL PROTECTED]:/home/imb# netstat -m
386/529/915 mbufs in use (current/cache/total)
384/254/638/17088 mbuf clusters in use (current/cache/total/max)
384/128 mbuf+clusters out of packet
On 05/22/06 05:40, Marian Hettwer wrote:
Scott Long wrote:
Brent Casavant wrote:
While I find ports to be the single most useful feature of the FreeBSD
experience, and can't thank contributors enough for the efforts, I on
the other hand find updating my installed ports collection (for
On 05/22/06 06:45, Steven Hartland wrote:
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
So, in short, that's why *I* rarely update ports for security reasons.
There are steps that could be taken at the port maintenance level that
would work well for my particular case,
On May 22, 2006, at 9:12 AM, Jonathan Noack wrote:
On 05/22/06 06:45, Steven Hartland wrote:
Brent Casavant wrote:
On Sun, 21 May 2006, Colin Percival wrote:
So, in short, that's why *I* rarely update ports for security
reasons.
There are steps that could be taken at the port
Paul Allen wrote:
...
Some speculation: I've always thought portupgrade did the Wrong
Thing(tm) by consulting the dependency graph in /var/db. Better to
merely learn which packages were installed and then exclusively use
the port information...
Well, a.o. portmaster tries just to do that.
As an administrator, time is always an issue. FreeBSD has proven
itself time and again. Having said that, one wish would be to have
a default/built-in security update mechanism.
Since time is always and issue, if the system could by default
(without an admin having to write
Charles Howse wrote:
Just curious, where are WITHOUT_X11 and WITHOUT_GUI documented? I
don't see either in /usr/share/examples/etc/make.conf, nor in man
make.conf.
Many options (not all) are described in /usr/ports/KNOBS (but withou
WITH_/WITHOUT_ prefixes)
Miroslav Lachman
On Mon, May 22, 2006 at 12:06:54AM -0400, Brandon S. Allbery KF8NH wrote:
On May 21, 2006, at 11:55 , Colin Percival wrote:
The Security Team has been concerned for some time by anecdotal
reports
concerning the number of FreeBSD systems which are not being promptly
updated or are
From Doug Hardie [EMAIL PROTECTED], Sun, May 21, 2006 at 11:48:51PM -0700:
Failover sounds good in theory but has significant issues in practice
that make it sometimes worse than the alternative. Take mail
spools. If you failover, mail the user saw before has disappeared.
Then when
On Mon, 22 May 2006, Michael Butler wrote:
On a 6-stable machine with sufficient RAM, i.e. no swapping and 215MB free
in 'top', I'm seeing ..
[EMAIL PROTECTED]:/home/imb# netstat -m
386/529/915 mbufs in use (current/cache/total)
384/254/638/17088 mbuf clusters in use
Robert Watson wrote:
This is believed to be a result of an error in the statistics
measurement logic in UMA. I've committed the attached patch to the
CVS HEAD, and am looking for feedback over the next couple of weeks
before merging to RELENG_6 (and possibly the errata branches). Any
And it's not only HR lack problem, we would need more hardware for the
package building cluster too.
A lot of us run 24/7 netted servers with spare cycles, wouldn't
be averse to allocating the idle loop to package building for
freebsd.org, but 3 problems:
- package building at prsent
On Mon, 2006-May-22 15:20:11 -, FreeBSD User wrote:
Since time is always and issue, if the system could by default
(without an admin having to write scripts and/or apps, or manually
update) update itself for both system and installed ports/packages, it
likely would reduce security
On 5/14/06, Kris Kennaway [EMAIL PROTECTED] wrote:
On Sun, May 14, 2006 at 02:28:55PM -0400, Howard Leadmon wrote:
Hello All,
I have been running FBSD a long while, and actually running since the 5.x
releases on the server I am having troubles with. I basically have a small
network
On Mon, 22 May 2006 06:50:55 +0300
Konstantin Belousov [EMAIL PROTECTED] wrote:
On Sun, May 21, 2006 at 06:22:34PM -0400, m m wrote:
n 5/21/06, Konstantin Belousov [EMAIL PROTECTED] wrote:
Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0
Should something like automatic security updates not be a goal? If
done correctly, and on a per-stable/version basis, it is possible to
increase security exponentially. The responsible administrator will
naturally keep ontop of all changes and fixes. But just like in the
wintel
On Mon, May 22, 2006 at 05:43:32PM -0400, Rong-en Fan wrote:
As I posted few days ago, I have similar problems like Howard's
(some details in the thread 6.1-RELEASE, em0 high interrupt rate
and nfsd eats lots of cpu on stable@). After binary searching
the source tree, I found that
On May 22, 2006, at 11:49, Allen wrote:
On my Slackware machines, it was no problem at all, I'd use wget to
grab
the patch .tgz file, then do this:
upgradepkg *.tgz
I believe there was some talk in the past of treating the base system
like a package. NetBSD has some code that does this
Hello,
I am not sure if this is the proper place to ask. Please redirect
as necessary.
I have a FreeBSD 4.7 box that I have updated the ports files. I
have tried to recompile Postfix with SASL2 and TLS and now my smtpd
is crashing with a SIGBUS when a TLS connection comes in. Prior
Hi!
A couple of months ago I've replaced ordinary installation
of 4.11-STABLE (that worked rock stable) with NanoBSD 6.0.
The task of the machine remains the same: this is a router with four em(4)
interfaces, 7 vlans and one gif(4) interface that carries IPSEC traffic
using static preshared keys.
36 matches
Mail list logo