DragonFly BSD
DragonFly kernel List (threaded) for 2006-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: pkgsrc packaging of base?

To: Oliver Fromme <check+iuf8dh00rsua2fvx@xxxxxxxxxx>
From: "Erik P. Skaalerud" <erik@xxxxxxxxxxxx>
Date: Fri, 10 Feb 2006 15:06:49 +0100

Oliver Fromme wrote:
 > It makes it work well right up until gzip or some other program ends
 > up with a security hole, and then you have to either manually patch it

Which is usually very easy.

> (having no way to verify later if it was patched other than 'md5')

The patches should increase the RCS/CVS ID, so you can use
ident(1) on the binary.

> or upgrade the entire OS to -STABLE.

Which is usually quite easy, too.

There's a third possibility:  Download a patched binary.
Same effect as manually patching and compiling it, but
some people might prefer not to do that themselves.

 > Without packaging up the base system, updating a small amount of
 > servers (100 or so) becomes a very difficult task

Uhm, I've done that in the past (FreeBSD).  It's not
difficult at all, provided that the server farm has
been designed and set up in a reasonable way (with
updating in mind, right from the beginning).

Oliver, You have to put yourself in the new user's shoes. It's not easy at all to manually patch sourcecode and rebuild the appropriate binaries and libraries.

I am one of those who like the idea of being able to have a system running without the sourcecode on the disk. Binary update's of the kernel and userland (like debian does with apt) is a very nice feature, even for me (I know how to patch and build manually).

- Erik

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]