Re: Reasonable expectations of sysadmins (was Re: FreeBSD Securi
On Oct 2, 2011, at 6:11 AM, Mike Brown wrote:
> Chris Rees wrote:
>> Generally users are expected to pay attention to what is updated-- I
>> know this isn't always the easiest task, but blindly following
>> instructions is not something that is generally advocated in FreeBSD.
>=20
> Generally, yes. For a security advisory, though, I don't think it's=20
> unreasonable for the reader to expect that the solutions and =
workarounds are=20
> exactly as described, with nothing left out or assumed that every =
system=20
> administrator will know. Likewise, the advisory issuer surely expects =
that the=20
> instructions they provide *will* be very strictly followed.
>=20
> Based on my own experience, I did happen to realize that a reboot =
would=20
> probably be needed, but since one procedure in the advisory said to =
reboot and=20
> the other didn't, it led me to wonder if maybe there was some magic in=20=
> freebsd-update that obviated the need for a reboot. Apparently there's =
not; it=20
> was just an oversight in the instructions.
>=20
> Also, sometimes things go haywire after a reboot, especially after =
extended=20
> uptime and updates to the kernel or core libraries, so I'm in the =
habit of=20
> only shutting down when necessary. So if I don't see "and then reboot" =
in an=20
> update procedure - and most of the time, security updates don't =
require it -=20
> then I don't do it.
>=20
Hi Mike,
I do see the point you are mentioning and I will discuss this the next =
time we (Security Team)
are preparing an advisory.
Thanks
Remko
--=20
/"\ With kind regards, | remko@elvandar.org
\ / Remko Lodder | remko@FreeBSD.org
X FreeBSD | =
http://www.evilcoder.org
/ \ The Power to Serve | Quis custodiet ipsos custodes
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"