Re: Patch Installation
On Sun, 1 Aug 2004 14:54:51 -0500
santana@tuxtla.openbsd.org.mx (Gerardo Santana Gómez Garrido) wrote:
> On (01/08/2004 12:21), Rodney Hopkins wrote:
> > On (08/01/2004 13:10), Gerardo Santana Gómez Garrido wrote:
> > >There's already an openbsdupdate.openbsd.org.mx ;)
> > >and even a script to automate downloads from it a la windowsupdate.
> > >
> > >I faced the same problem some time ago and came to the conclusion
> > >that binary patching is the best solution. As you could see in the
> > >list, many of us do that, in different ways. Some people enjoy
> > >building everything and making release just to patch a few files;
> > >some others like me just build what is needed and make small
> > >packages (using binpatch); the smarter ones just download the
> > >binary patches already built from openbsdupdate.openbsd.org.mx :)
> >
> > Of course, as someone is going to point out, (Hey, I guess it's
> > me!), downloading binaries that someone else has compiled is
> > probably not the most secure thing in the world to do. There is
> > always the danger of trojaned/backdoored binaries. It all depends
> > on the level of trust you give to the person/organization compiling
> > the binaries as well as how much you really want to end up trusting
> > the box you're applying those binary patches to.
> >
> > Just more food for thought.
>
> Well, the main idea behind binpatch is that YOU build your own binary
> patches to apply them to the rest of your boxes. binpatch tries to
> make it easy to fetch & apply patches, build only the components
> affected and pack only the files that were modified as binary patches.
>
> I publish mine because people have asked for them. They've helped me
> too when I have to install a server/firewall in a company, since it's
> easier and faster to get OpenBSD up to date fetching the binary
> patches from openbsdupdate and rebooting.
>
> Of course, as you well point out, there's always the danger of
> trojaned patches. But the same is true for binary and source patches.
>
> --
> Gerardo Santana Gómez Garrido
> http://www.openbsd.org.mx/~santana/
> "Between people, as among nations, respect of each other's rights
> insures the peace." -Don Benito Juárez
Correct me if I'm wrong, but there is no solution (I know of no
solution) included in OpenBSD? And that's the point I dislike.
Chuck Yerkes sent me some text titles in a mail and I'll read them, but
not everybody can know these texts.
And e.g. I will never use a binary patch which is compiled by somebody
else.
So a solution (for me) which enables me to SET UP such a server easily
and tell all my OpenBSD clients to ask the server about patches would be
a "perfect" solution.
But such a server has to know the hardware platform (each client could
even send a uname -a), and the IP (could also be looked up
automatically) would be nice.
And "OpenBSD UpdateD" listens on port XYZ (such a server doesn't need
root to compile the src or fetch them).
I'm talking just about a solution INSIDE the LAN, not outside!
Because a solution outside the LAN isn't a good solution for e.g.
companies or bigger networks like universities.
Compiling the source is also OK if there's a solution which compiles
just e.g. the needed files and which is automatically available without
writing "damn" scripts which do this job (my current status!).
But I miss such a system in OpenBSD which enables me e.g. also to do an
easy update of the installed packages.
Such systems are "standard" for modern Linux OSs like Debian and they
work mostly perfectly. :-/
My notebook is my little "test system" and I have about 130 packages
installed. So please DON'T expect that I'll update all of them manually
by myself, that really sucks.... even though I do it because of the
security, but I'm sometimes just angry that there's no solution which is
part of OpenBSD, because that just wastes my time...
And I read somewhere that OpenBSD wants to be a platform for developers
too. I think developers also want to develop something and not patch a
system (yes, I also include the packages when I say "patching") or the
software for about 93 minutes.
vh :-)