From owner-freebsd-security Fri May 12 15:18:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 0109C37B813; Fri, 12 May 2000 15:18:26 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (ip43.salt-lake-city6.ut.pub-ip.psi.net [38.27.95.43]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id QAA00457; Fri, 12 May 2000 16:17:58 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <391C8366.C63B2B44@softweyr.com>
Date: Fri, 12 May 2000 16:19:18 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brad Guillory
Cc: Robert Watson, freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
References: <200005121852.OAA89027@giganda.komkon.org> <20000512141525.F77275@baileylink.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brad Guillory wrote:
>
> I think that you have sound goals and achievable objectives, the ingredients
> for a successful project. To accommodate the other camps (international
> version users for instance) I suggest that you make any tools and methodologies
> that you develop for the project available.

Yes, this does sound like a workable plan, and is in fact exactly what I'm
creating for DoBox. I'm certainly glad to share whatever code I write to
support this, though the mechanisms may differ somewhat.

> You might consider your dependency stance. It would probably be easier for
> you to simply maintain a single package with incremental version numbers
> where each version contains all the fixes. I suspect that the number of
> binaries that will change over the course of a release will be minor.

The pkg_add tool takes care of this to some extent. If the FreeBSD-4.0p3
package depends on FreeBSD-4.0p2, which in turn depends on FreeBSD-4.0p1, and
you attempt to pkg_add p3, it will either fetch and apply p1 and p2 from the
same media before installing p3 or fail to install p3 with a helpful warning
that p2 is not installed. In the case of installing the patches over the
network, there should not be a reason why you could fetch p3 but not p2 or p1.

> The usefulness of this project will probably be very limited if you do not
> address the kernel issue. Many security fixes that I have seen since I joined
> the list have been in the form of kernel patches.

I suppose it would be enough to install the related kernel.GENERIC and updated
kernel source files. We would probably want a way to disregard the source file
updates unless the sources are already installed on the system.

As I said, these are EXACTLY the issues I am addressing for my employer, and
am both happy to share (and commit) my code, and to receive design help.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
wes@softweyr.com                                          http://softweyr.com/
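The chained-dependency behaviour Wes describes for pkg_add (pull p1 and p2 from the same media before p3, or refuse p3 and name the missing patch), as an added illustration that is not code from this thread or from pkg_add itself; the catalog of FreeBSD-4.0pN package names is constructed and the resolver only models the ordering and warning logic:

```python
# Added illustration, not pkg_add source: models the dependency walk for
# chained patch packages described in the mail above.
from typing import Dict, List, Set, Tuple

# Constructed catalog: each patch package names the package it depends on,
# following the FreeBSD-4.0pN naming used in the thread.
CATALOG: Dict[str, List[str]] = {
    "FreeBSD-4.0p1": [],
    "FreeBSD-4.0p2": ["FreeBSD-4.0p1"],
    "FreeBSD-4.0p3": ["FreeBSD-4.0p2"],
}


def plan_install(target: str, installed: Set[str], media: Set[str],
                 catalog: Dict[str, List[str]] = CATALOG) -> Tuple[List[str], str]:
    """Return (install order, warning).

    Walks the dependency chain depth-first. An already-installed dependency
    is skipped; one available on the same media is queued ahead of the
    package that needs it; one that is neither aborts the plan and names
    the missing package, as pkg_add does when p3 is requested but p2 is
    not installed.
    """
    order: List[str] = []
    visiting: Set[str] = set()

    def visit(pkg: str) -> str:
        if pkg in installed or pkg in order:
            return ""
        if pkg in visiting:
            return f"dependency cycle at {pkg}"
        if pkg not in media:
            return f"{pkg} is not installed and not available on the media"
        visiting.add(pkg)
        for dep in catalog.get(pkg, []):
            warn = visit(dep)
            if warn:
                return warn
        visiting.discard(pkg)
        order.append(pkg)
        return ""

    warn = visit(target)
    return ([] if warn else order, warn)


if __name__ == "__main__":
    print(plan_install("FreeBSD-4.0p3", set(), set(CATALOG)))
    print(plan_install("FreeBSD-4.0p3", set(), {"FreeBSD-4.0p3"}))
```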