
SoylentNews is people

posted by cmn32480 on Friday August 12 2016, @11:16AM
from the all-it-takes-is-time-and-money dept.

Arthur T Knackerbracket has found the following story:

The developers of FreeBSD have announced they'll change the way they go about their business, after users queried why known vulnerabilities weren't being communicated to users.

This story starts with an anonymous GitHub post detailing some vulnerabilities in the OS, specifically in freebsd-update, libarchive, bspatch and portsnap. Some of the problems in that post were verified and the FreeBSD devs started working on repairs.

But over on the FreeBSD security list, threads like this started asking why users weren't being told much about the bugs or remediation efforts. That's a fair question because updating FreeBSD could in some circumstances actually expose users to the problem.

Now the FreeBSD team has answered those questions by saying “As a general rule, the FreeBSD Security Officer does not announce vulnerabilities for which there is no released patch.”

The operating system's developers and security team are now “reviewing this policy for cases where a proof-of-concept or working exploit is already public.”

That post also explains that the team is considering more detailed security advisories. There's also an admission that the proposed patch may have broken other things in the OS.

The post concludes by saying that the FreeBSD core and security teams are working with all due haste to fix things and will let those subscribed to its mailing lists know when patches are ready and the danger is past.

[The majority of SoylentNews.org's servers run Ubuntu 14.04 LTS (Long Term Stable version). Upgrading to version 16.04 LTS would expose our systems to systemd and there has been some discussion among staff about our options. One option under consideration would be FreeBSD. Are there any Soylentils who run FreeBSD? What has your experience been? Any surprises to share with the community? --martyb]


  • (Score: 2) by srobert on Friday August 12 2016, @04:11PM

    by srobert (4803) on Friday August 12 2016, @04:11PM (#387067)

    I've been a desktop/laptop Linux user since 1996. I started playing around with FreeBSD on a laptop around 2012. I'm not a gamer, and my needs are pretty simple, email, web browsing, simple spreadsheets, word processing. I'm not running a server. Most of my personal computing for the last few years has been done on a FreeBSD laptop. I recently acquired a new laptop whose Wifi card is not yet supported by FreeBSD (or any BSD), so I installed ArchLinux on it. ArchLinux is OK, but I'll likely migrate the new laptop to FreeBSD when the wifi support becomes available, which I think will be around the time FreeBSD 12 is released. FreeBSD seems easier to me to update and administer even for desktop use. I'd imagine that would be even more true for a server, provided the hardware works and your applications are available. The documentation is easy to follow and procedures are more consistent over time than most of the dozen or so Linux distributions I've used.

  • (Score: 2) by Celestial on Friday August 12 2016, @04:31PM

    by Celestial (4891) on Friday August 12 2016, @04:31PM (#387078) Journal

    Out of curiosity, have you tried DragonFly BSD? I've been told that it has better hardware support for notebook computers than FreeBSD, and plan on trying it the next time I buy a notebook.

    • (Score: 1, Informative) by Anonymous Coward on Friday August 12 2016, @10:23PM

      by Anonymous Coward on Friday August 12 2016, @10:23PM (#387212)

      DragonFly is a fork from the 4.x branch of FreeBSD. That was probably the last good release of FreeBSD for general purpose computing; everything since then has been geared more towards the production server environment. Thus device drivers for recent graphics have been neglected since 2007 or so; the official mantra for FreeBSD users is to just use the nVidia blob. DragonFly has no problem supporting graphics drivers as recent as Broadwell as that is what Matt Dillon uses for his machine.

      That being said, DragonFly is about fifteen years in the past when it comes to security. It still lacks basic constraints like DEP or rootless Xorg and is probably the least secure BSD out of the box. Take that as you may. Personally, I've had no problem with OpenBSD on laptops, to include suspend/resume working with no issue.

    • (Score: 2) by srobert on Saturday August 13 2016, @02:26AM

      by srobert (4803) on Saturday August 13 2016, @02:26AM (#387329)

      I tried both DragonflyBSD and OpenBSD a while back. I think they were both in VirtualBox on the FreeBSD laptop. I didn't use them much though, as FreeBSD was working flawlessly on the host. If my new laptop's wifi card is supported under one of the other BSDs before FreeBSD, I might give one of them another try.