[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alternatives to CVSUP for Security Updates and Errata

Subject: Alternatives to CVSUP for Security Updates and Errata
From: dnelson at allantgroup.com (Dan Nelson)
Date: Thu Aug 26 14:11:27 2004

In the last episode (Aug 26), Kenneth A. Bond said:
> I currently manage several FreeBSD 4.9 and 4.10 servers that serve as
> high volume web servers to several of our employees worldwide.
>  
> As you can imagine, in firm the size of ours, various teams are
> reponsible for various aspects of our technology infrastructure. With
> that said, I have requested to have our security team create a policy
> that will allow traffic to and from my servers via port 5999 for
> CVSup, so that I could synch my source.
>  
> My request has been flatly refused, due to the fact that FreeBSD is
> not a firm-standard operating system. The security team will not open
> up the firewalls for this purpose. CVSup is not an option.

You don't need to allow incoming connections to port 5999; cvsup by
default will multiplex traffic over the one outgoing connection.  You
can also connect through a SOCKS proxy server (but not an HTTP proxy)
if your company has one.  If your firewall blocks all outgoing TCP
connects, then you are probably stuck.

-- 
	Dan Nelson
	dnelson_(_at_)_allantgroup_(_dot_)_com

References:
- Alternatives to CVSUP for Security Updates and Errata
  - From: Kenneth A. Bond

Prev by Date: Startup with no-ip
Next by Date: Startup with no-ip
Previous by thread: Alternatives to CVSUP for Security Updates and Errata
Next by thread: Maximum Transfer Size, ATA, and UFS2, was lowered? How?
Index(es):
- Date
- Thread

Visit your host, monkey.org