FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

Roger Marquis marquis at roble.com
Fri Dec 26 20:08:35 UTC 2014


Dag-Erling Smørgrav wrote:

> Eugene Grosbein wrote:
>> Why does it say "Recompile the operating system using buildworld and
>> installworld"?
>
> Because that's what the template says, and we rarely change it to
> something more specific (in large part because that requires careful
> testing of the exact instructions we publish).  "Rebuild, reinstall and
> reboot" may be overkill, but it's never wrong.

This is most unfortunate as it creates a high bar for base security
patches at many FreeBSD shops.  Sites with a significant number of
production hosts, jails and/or filesystem fingerprinting (integrit,
tripwire) or those with constrained resources are never going to be able
to make/build/installworld for something as simple as a single binary
update.

I assume the root cause is insufficient resources within the FreeBSD
security team.  If that's the case, would there be a budget estimate
associated with addressing this security advisory situation?  Since quick
publication of advisories is critical, this also raises the question of
what might be an effective way to subsequently publish more granular
update instructions.

Roger Marquis

