
Re: OpenBSD/Errata/BUGTraq et al.


I didn't understand how this came up, and especially the connection
to Bugtraq, but want to throw my 2 cents in:

On Tue, Oct 17, 2000 at 04:33:59PM +0200, amanda_(_at_)_wineasy_(_dot_)_se wrote:
> I can't even *get* to some of my servers in one hour. Sometimes I'm on the
> other side of the planet when a security issue comes up.

Of course (referring to your earlier promise to install RedHat) you
will have _lots_ of opportunities to experience this when you
actually do install some Linux variant, or your installations are
not as critical as you say. You currently miss most if not all
of them, imho. I currently count some 2-5 moderate to heavy security
incidents on Linux per week, and none on OpenBSD, although I may
miss one or other of them on both sides.

> Perhaps we could take a poll. How many users want stuff like IPv6 and VLAN
> in their kernel, and how many want to do remote upgrades?

I guess most of us want everything...

> Look at Debian. You can upgrade to a new version without even a reboot!

I think as a long time Debian user (and I still am, and will be for a
foreseeable time) I can say that this is untrue. The simple reason is that
upgrading Debian e.g. from 2.1 to 2.2 should install a new kernel, 2.2.17pre...
instead of 2.0.36. How do you expect a kernel upgrade without a reboot?!?

Also, I find that some of the upgraded packages break one minor
thing or other, and require manual intervention, although
apt-get -f dist-upgrade is a nice thing in general :)

But then, I think that OpenBSD is very nicely upgradable, too, although
perhaps a bit uneasy if you skip several versions. I also (already)
proposed a binary packaging system, namely the Debian file format (.deb)
for OpenBSD... Don't exactly know if this fits.

> Alas the PC architecture is not really designed for remote users. When 

Yes. Unfortunately... Get a VAX to cope with that 8)

My procedure for remotely upgrading OpenBSD would be as follows:

- get a CVS mirror (somewhere)
- make a new release (ie, locally)
- create the target's /etc
- check if the new release boots
- plug everything into one tree and/or make a set of .tgz files
- rsync to the target in proper order and reboot,
  possibly followed by manual ports handling

> will there be a cheap PCI card with onboard ethernet, sshd and an emulated
> serial port for remote console access? (cf. HP-UX LAN Console)

Is that HP-UX LAN Console cheap? Otherwise I would rather
look at that PC-Weazel. So far I didn't try this, but
it looks attractive.

Best Regards nonetheless,
