On Mon, Aug 08, 2016 at 10:53:26AM -0700, Nathan Whitehorn wrote:> > > On 08/08/16 10:43, Lars Engels wrote: > >On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: > >>>On Aug 8, 2016, at 8:02 AM, Lars Engels <lars.engels at 0x20.net> wrote: > >>> > >>>On Mon, Aug 08, 2016 at 02:44:05PM +0000, Glen Barber wrote: > >>>>On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: > >>>>>On Sat, Aug 06, 2016 at 09:05:26PM +0000, Glen Barber wrote: > >>>>>>-----BEGIN PGP SIGNED MESSAGE----- > >>>>>>o The new system hardening options have been fixed to avoid overwriting > >>>>>> other options selected during install time. > >>>>>Can those options also get added to "bsdconfig"? > >>>>You would have to ask the bsdconfig maintainer(s). > >>>> > >>>Cc'ing dteske. > >>> > >>What aspects of bsdconfig need updating? > >bsdinstall has a new "hardening" module. AFAIK bsdinstall and bsdconfig > >share a lot of code, so bsdconfig should probably also offer the > >"hardening" module. > > The hardening module should probably just be a part of bsdconfig, actually, > and an option to open bsdconfig be an option at the end of the installer. >In order for that to be an option, I'd strongly suggest updating bsdconfig to properly detect packages on the DVD (which it has not since 10.0-RELEASE), as it makes too many incorrect assumptions. Glen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160808/91453197/attachment.sig>
On 08/08/16 10:56, Glen Barber wrote:> On Mon, Aug 08, 2016 at 10:53:26AM -0700, Nathan Whitehorn wrote: >> >> On 08/08/16 10:43, Lars Engels wrote: >>> On Mon, Aug 08, 2016 at 10:15:07AM -0700, Devin Teske wrote: >>>>> On Aug 8, 2016, at 8:02 AM, Lars Engels <lars.engels at 0x20.net> wrote: >>>>> >>>>> On Mon, Aug 08, 2016 at 02:44:05PM +0000, Glen Barber wrote: >>>>>> On Mon, Aug 08, 2016 at 10:48:30AM +0200, Lars Engels wrote: >>>>>>> On Sat, Aug 06, 2016 at 09:05:26PM +0000, Glen Barber wrote: >>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>> o The new system hardening options have been fixed to avoid overwriting >>>>>>>> other options selected during install time. >>>>>>> Can those options also get added to "bsdconfig"? >>>>>> You would have to ask the bsdconfig maintainer(s). >>>>>> >>>>> Cc'ing dteske. >>>>> >>>> What aspects of bsdconfig need updating? >>> bsdinstall has a new "hardening" module. AFAIK bsdinstall and bsdconfig >>> share a lot of code, so bsdconfig should probably also offer the >>> "hardening" module. >> The hardening module should probably just be a part of bsdconfig, actually, >> and an option to open bsdconfig be an option at the end of the installer. >> > In order for that to be an option, I'd strongly suggest updating > bsdconfig to properly detect packages on the DVD (which it has not since > 10.0-RELEASE), as it makes too many incorrect assumptions. > > Glen >It's way too late for this for 11.0. I was just making a general statement. I think things are fine as they are for the upcoming release. -Nathan