RFC: Removing file(1)+libmagic(3) from the base system
Alexander Leidinger
Alexander at Leidinger.net
Thu May 24 08:05:11 UTC 2007
Quoting Colin Percival <cperciva at freebsd.org> (from Thu, 24 May 2007
00:10:35 -0700):
> M. Warner Losh wrote:
>> I would argue that it would make the system LESS secure, because one
>> loses the ability to identify files on the system. People are going
>> to install it anyway, and it is a jump ball as to whether having it in
>> the base system would cause vulnerabilities to be updated faster than
>> having it in ports (both the actual update in the system, as well as
>> the user causing the update to happen: ports are a touch easier to
>> update, but lag a bit both in terms of people updating their ports
>> tree and ports committers updating the port).
>
> Interestingly, my experience from portsnap is that people tend to update
> ports more frequently than they apply security patches to the base system.

You can say people tend to update the ports collection, you don't know
about the ports (as in "installed ports"). I have several systems
(behind a proxy) which update the ports collection every day. But the
ports there are not updated that often. I also know about several
systems where the ports collection is updated every day, but the
installed ports are only touched if a client asks about new software
or an update, which is maybe once a year.

I also like to keep file in the base. It's too damn useful there.

Bye,
Alexander.
--
He who hesitates is last.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137