Re: Patch Installation
On Sun, 1 Aug 2004 18:42:01 -0500
santana@tuxtla.openbsd.org.mx (Gerardo Santana Gómez Garrido) wrote:
> On (02/08/2004 00:51), van Helsing wrote:
> > On Sun, 1 Aug 2004 14:54:51 -0500
> > santana@tuxtla.openbsd.org.mx (Gerardo Santana Gómez Garrido) wrote:
> >
> > > On (01/08/2004 12:21), Rodney Hopkins wrote:
> > > > On (08/01/2004 13:10), Gerardo Santana Gómez Garrido wrote:
> > > > >There's already an openbsdupdate.openbsd.org.mx ;)
> > > > >and even a script to automate downloads from it a la
> > > > >windowsupdate.
> > > > >
> > > > >I faced the same problem some time ago and came to the
> > > > >conclusion that binary patching is the best solution. As you
> > > > >could see in the list, many of us do that, in different ways.
> > > > >Some people enjoy building everything and making release just
> > > > >to patch a few files; some others like me just build what is
> > > > >needed and make small packages (using binpatch); the smarter
> > > > >ones just download the binary patches already built from
> > > > >openbsdupdate.openbsd.org.mx :)
> > > >
> > > > Of course, as someone is going to point out, (Hey, I guess it's
> > > > me!), downloading binaries that someone else has compiled is
> > > > probably not the most secure thing in the world to do. There is
> > > > always the danger of trojaned/backdoored binaries. It all
> > > > depends on the level of trust you give to the
> > > > person/organization compiling the binaries as well as how much
> > > > you really want to end up trusting the box you're applying those
> > > > binary patches to.
> > > >
> > > > Just more food for thought.
> > >
> > > Well, the main idea behind binpatch is that YOU build your own
> > > binary patches to apply them to the rest of your boxes. binpatch
> > > tries to make it easy to fetch & apply patches, build only the
> > > components affected and pack only the files that were modified as
> > > binary patches.
> > >
> > > I publish mine because people have asked for them. They've helped
> > > me too when I have to install a server/firewall in a company,
> > > since it's easier and faster to get OpenBSD up to date fetching
> > > the binary patches from openbsdupdate and rebooting.
> > >
> > > Of course, as you well point out, there's always the danger of
> > > trojaned patches. But the same is true for binary and source
> > > patches.
> > >
> > > --
> > > Gerardo Santana Gómez Garrido
> > > http://www.openbsd.org.mx/~santana/
> > > "Between people, as among nations, respect of each other's rights
> > > insures the peace." -Don Benito Juárez
> >
> > Correct me if I'm wrong but there is no (I know no solution)
> > solution included in OpenBSD? And that's the point I dislike.
>
> Like in "official"? No, there's not.
>
>
> > Chuck Yerkes sent me some Text-titles in a mail and I'll read them
> > but not everybody can know these texts.
> > And e.g. I will never use a binary-patch which is compiled by
> > somebody else.
> > So a solution (for me) which enables me to SET UP such a server easy
> > and tell all my openBSD-clients to ask the server because patches
> > would be a "perfect" solution.
> > But such a Server has to know the Hardware-Platform (even each
> > Client could send a uname -a) and the IP (could be also looked up
> > automatically) would be nice.
> > And "OpenBSD UpdateD" listen on Port XYZ (such a server doesn't need
> > root to compile the src or fetch them).
> >
> > I talk just because a solution INSIDE the LAN, not outside!
> > Because a solution outside the lan isn't a good solution for e.g.
> > companies or bigger networks like Universities.
> >
> > Compiling the Source is also ok if there's a solution which compiles
> > just e.g. the needed files and which is automatically available without
> > writing "damn" scripts which do this job (my current status!).
> > But I miss such a system in OpenBSD which enables me e.g. also to do
> > an easy Update of the installed packages.
> > Such systems are "standard" for modern LINUX-OSs like Debian and they
> > work mostly perfect. :-/
>
>
> I'm afraid you missed the lines where I talk about making releases and
> binpatch. Try again.
>
> The resulting binary packages can be uploaded to a web server and
> there is your OpenBSD Update service.
That's the point I won't run a webserver for this!
An own Daemon with own port and e.g. tunneled through ssh... that's it.
:)
> >
> > My notebook is my little "test-system" and I've about 130 packages
> > installed. So please DON'T expect that I'll update all of them
> > manually
>
>
> packages? You mean third party software? That's a different story.
Yes because the port-system it would be very easy to include such a
system.
>
> > by myself, that sucks really.... even I do it because the security
> > but I'm sometimes just angry that there's no solution which is part
> > of OpenBSD because that wastes just my time...
> >
> > And I read somewhere OpenBSD wanna be a platform for developers too.
> > I think also developers wanna develop anything and not patching a
> > system (yes I include also the packages when I say "patching") or the
> > software about 93 minutes.
>
>
> Then may I suggest to try another platform that meets your needs
OpenBSD meets my needs nearly perfectly because it's secure...
So don't mix ideas with criticism about the OS itself...
vh