Re: Create a canned 'Firewall Build' or RFHH

[Ted U <grendel@heorot.stanford.edu>]

On Mon, 25 Feb 2002, Angus Scott-Fleming wrote:

> I get security advisories on freebsd-announce at least several
> times a month (they're up to 02:12 so far this year), and
> SecurityFocus and other security sites have Linux security
> issues quite frequently.  While none of these may affect my
> firewall, I'd have to keep up with them nonetheless,

You're comparing apples to oranges.  FreeBSD puts out an advisory for
every program in ports, sometimes for what I think are rather silly
things.  Same with debian, redhat, and assorted others.  If you had those
programs installed on OpenBSD, you'd be in worse shape, since you'd be on
your own without anyone holding your hand to install a new package.  If
you don't have the program installed, you hit the delete key and move on.
If you don't know what it's installed, that's bad.

So what you're trying to say is, if we make a firewall only distro, then
you won't have to keep up on advisories.  And that's a mistake, because
their might be an problem with the firewalling code.  And how are you
going to know if you're not paying attention?  The OpenBSD developers
surely aren't going to remember that you've got a private firewall distro
out there and kindly send you a reminder note to update your kernel.



--
Ted, toll collector of the information superhighway