[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Alternatives to CVSUP for Security Updates and Errata
- Subject: Alternatives to CVSUP for Security Updates and Errata
- From: dnelson at allantgroup.com (Dan Nelson)
- Date: Thu Aug 26 14:11:27 2004
In the last episode (Aug 26), Kenneth A. Bond said:
> I currently manage several FreeBSD 4.9 and 4.10 servers that serve as
> high volume web servers to several of our employees worldwide.
> As you can imagine, in firm the size of ours, various teams are
> reponsible for various aspects of our technology infrastructure. With
> that said, I have requested to have our security team create a policy
> that will allow traffic to and from my servers via port 5999 for
> CVSup, so that I could synch my source.
> My request has been flatly refused, due to the fact that FreeBSD is
> not a firm-standard operating system. The security team will not open
> up the firewalls for this purpose. CVSup is not an option.
You don't need to allow incoming connections to port 5999; cvsup by
default will multiplex traffic over the one outgoing connection. You
can also connect through a SOCKS proxy server (but not an HTTP proxy)
if your company has one. If your firewall blocks all outgoing TCP
connects, then you are probably stuck.