[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
compilers on firewall boxen??
Apologies is this is a bit off topic for pf, but I wanted to get the
OpenBSD firewall gurus opinions. What is the preferred method for
keeping an OpenBSD firewall boxen patched and the os upgraded?
It's generally not considered "best practice" to have compilers
available on security sensitive applications. Patches can be compiled
inot binaries on a secure box and copied to production boxen, but os
upgrades can get a bit unweildy with this approach. So this seemsm to
leave doing install and selecting upgrade option, and merging /etc....
Or one can cvsup the source tree and compile. The latter is what I
usually do, as I feel pretty confident that OpenBSD isn't going to get
hacked, but am curious as to what others think w.r.t. boxes that might
be of special interest to the black hats...
PGP Key-- 9F5179FD
"As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously." --Benjamin Franklin