Language Selection

English French German Italian Portuguese Spanish

The (bad) deal with freebsd-update(8)

Filed under
BSD

The binary patches are quite a mysterious issue in FreeBSD, no matter freebsd-update( 8 ) is around since about 2005, and since FreeBSD 6.3-RELEASE it reached a new level of power. As I have had quarrels with FreeBSD aficionados on the issue of binary patches in FreeBSD, I thought I should clear a bit the mess.

Not only proprietary or closed-source operating systems come with binary security updates, but each and every Linux distribution which is supported by the issuer is provided with patched binaries when a security issue is identified and a solution is found. Unless you're running a source distribution (LFS, Gentoo, etc.), why would you prefer to build yourself from sources a patched binary, when an officially patched package can be made available? This one, the new package is only build once, not millions of times!

All the BSD flavors favor the source patches. When a security advisory is issued, you're supposed to apply the source patch and to rebuild the corresponding binary. Most people never considered this process as a bothersome one, as in real life, there is another issue taking even more time: rebuilding the vulnerable ports (when updated packages are not available).

More Here




More in Tux Machines

Ubuntu 15.10 (Wily Werewolf) to Ship with OpenStack Liberty

Canonical's James Page posted an interesting message on the Ubuntu mailing list, informing all Ubuntu developers about the steps they need to take in order to update the OpenStack cloud software to version 2015.2.0 (Liberty) in Ubuntu 15.10. Read more

Mark Shuttleworth Details Ubuntu 15.10 Highlights [VIDEO]

Ubuntu developers are closing in on the next major release, with the Ubuntu 15.10 Wily Werewolf set to debut on October 22. Ubuntu 15.10 is in many respects an incremental release ahead of the 16.04 Long Term Support release in 2016. Among the key innovations in 15.10 is wider use of the Snappy technology for packaging, though it won't replace the core .deb packaging system anytime soon, if ever. Read more

Improving Security for Bugzilla

Openness, transparency, and security are all central to the Mozilla mission. That’s why we publish security bugs once they’re no longer dangerous, and it’s why we’re writing a blog post about unauthorized access to our infrastructure. We have notified the relevant law enforcement authorities about this incident, and may take additional steps based on the results of any further investigations. Read more

RHEL 7.2 has an updated kernel target

As mentioned in the beta release notes, the kernel in RHEL 7.2 contains a rebased LIO kernel target, to the equivalent of the Linux 4.0.stable series. This is a big update. LIO has improved greatly since 3.10. It has added support for SCSI features that enable VMWare VAAI support, as well as data integrity (DIF), and significant iSER work, for those of you using Infiniband. (SRP is also supported, as well as iSCSI and FCoE, of course.) Read more