> > Enabling a world-wide auto-update feature does indeed seem much of a
> > security risk to me.
> >
> More of a risk than up2date for RedHat or emerge -u system for Gentoo? Or
> cvsup for *BSD?
cvsup (or cvs) to update to new operating system or ports/pkgsrc sources
is different because:
- you don't get the final product; the binaries are not built
automatically nor installed.
- it is used to build from source; and the source code changes can
be compared and reviewed by anyone.
Jeremy C. Reed
http://bsd.reedmedia.net/
p.s. If you are a pkgsrc user, be sure to install and use
security/audit-packages.
p.p.s. I help run a BSD security update service; I don't think any of our
customers automatically upgrade with security updates although it is
possible.
> > Enabling a world-wide auto-update feature does indeed seem much of a
> > security risk to me.
> >
> More of a risk than up2date for RedHat or emerge -u system for Gentoo? Or
> cvsup for *BSD?
cvsup (or cvs) to update to new operating system or ports/pkgsrc sources
is different because:
- you don't get the final product; the binaries are not built
automatically nor installed.
- it is used to build from source; and the source code changes can
be compared and reviewed by anyone.
Jeremy C. Reed
http://bsd.reedmedia.net/
p.s. If you are a pkgsrc user, be sure to install and use
security/audit-packages.
p.p.s. I help run a BSD security update service; I don't think any of our
customers automatically upgrade with security updates although it is
possible.
[ reply ]