
Re: Patch Installation



On (02/08/2004 00:51), van Helsing wrote:
> On Sun, 1 Aug 2004 14:54:51 -0500
> santana@tuxtla.openbsd.org.mx (Gerardo Santana Gómez Garrido) wrote:
> 
> > On (01/08/2004 12:21), Rodney Hopkins wrote:
> > > On (08/01/2004 13:10), Gerardo Santana Gómez Garrido wrote:
> > > >There's already an openbsdupdate.openbsd.org.mx ;)
> > > >and even a script to automate downloads from it a la windowsupdate.
> > > >
> > > >I faced the same problem some time ago and came to the conclusion
> > > >that binary patching is the best solution. As you could see in the
> > > >list, many of us do that, in different ways. Some people enjoy
> > > >building everything and making release just to patch a few files;
> > > >some others like me just build what is needed and make small
> > > >packages (using binpatch); the smarter ones just download the
> > > >binary patches already built from openbsdupdate.openbsd.org.mx :)
> > >
> > > Of course, as someone is going to point out, (Hey, I guess it's
> > > me!), downloading binaries that someone else has compiled is
> > > probably not the most secure thing in the world to do.  There is
> > > always the danger of trojaned/backdoored binaries.  It all depends
> > > on the level of trust you give to the person/organization compiling
> > > the binaries as well as how much you really want to end up trusting
> > > the box you're applying those binary patches to.
> > >
> > > Just more food for thought.
> >
> > Well, the main idea behind binpatch is that YOU build your own binary
> > patches to apply them to the rest of your boxes. binpatch tries to
> > make it easy to fetch & apply patches, build only the components
> > affected and pack only the files that were modified as binary patches.
> >
> > I publish mine because people have asked for them. They've helped me
> > too when I have to install a server/firewall in a company, since it's
> > easier and faster to get OpenBSD up to date fetching the binary
> > patches from openbsdupdate and rebooting.
> >
> > Of course, as you well point out, there's always the danger of
> > trojaned patches. But the same is true for binary and source patches.
> >
> > --
> > Gerardo Santana Gómez Garrido
> > http://www.openbsd.org.mx/~santana/
> > "Between people, as among nations, respect of each other's rights
> > insures the peace." -Don Benito Juárez
> 
> Correct me if I'm wrong but there is no solution (I know of no solution)
> included in OpenBSD? And that's the point I dislike.

Like in "official"? No, there's not.


> Chuck Yerkes sent me some text titles in a mail and I'll read them but
> not everybody can know these texts.
> And e.g. I will never use a binary patch which is compiled by somebody
> else.
> So a solution (for me) which enables me to SET UP such a server easily and
> tell all my OpenBSD clients to ask the server for patches would be a
> "perfect" solution.
> But such a server has to know the hardware platform (even each client
> could send a uname -a) and the IP (could also be looked up automatically)
> would be nice.
> And "OpenBSD UpdateD" listens on port XYZ (such a server doesn't need root
> to compile the src or fetch them).
> 
> I'm talking just about a solution INSIDE the LAN, not outside!
> Because a solution outside the LAN isn't a good solution for e.g.
> companies or bigger networks like universities.
> 
> Compiling the source is also OK if there's a solution which compiles just
> e.g. the needed files and which is automatically available without writing
> "damn" scripts which do this job (my current status!).
> But I miss such a system in OpenBSD which enables me e.g. also to do an
> easy update of the installed packages.
> Such systems are "standard" for modern Linux OSs like Debian and they
> work mostly perfectly. :-/


I'm afraid you missed the lines where I talk about making releases and
binpatch. Try again.

The resulting binary packages can be uploaded to a web server and there is
your OpenBSD Update service.

> 
> My notebook is my little "test-system" and I've about 130 packages
> installed. So please DON'T expect that I'll update all of them manually


Packages? You mean third party software? That's a different story.


> by myself, that really sucks.... even though I do it because of the security,
> but I'm sometimes just angry that there's no solution which is part of
> OpenBSD because that just wastes my time...
> 
> And I read somewhere OpenBSD wanna be a platform for developers too.
> I think developers also wanna develop anything and not be patching a system
> (yes I also include the packages when I say "patching") or the software
> about 93 minutes.


Then may I suggest trying another platform that meets your needs.

-- 
Gerardo Santana Gómez Garrido
http://www.openbsd.org.mx/~santana/
"Between people, as among nations, respect of each other's rights insures
the peace." -Don Benito Juárez