Date: Fri, 12 May 2000 16:19:18 -0600 From: Wes Peters <wes@softweyr.com> To: Brad Guillory <round@baileylink.net> Cc: Robert Watson <rwatson@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler Message-ID: <391C8366.C63B2B44@softweyr.com> References: <200005121852.OAA89027@giganda.komkon.org> <Pine.NEB.3.96L.1000512145530.44824B-100000@fledge.watson.org> <20000512141525.F77275@baileylink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Brad Guillory wrote: > > I think that you have sound goals and achievable objectives, the ingredients > for a successful project. To accommodate the other camps (international > version users for instance) I suggest that you make any tools and methodologies > that you develop for the project available. Yes, this does sound like a workable plan, and is in fact exactly what I'm creating for DoBox. I'm certainly glad to share whatever code I write to support this, though the mechanisms may differ somewhat. > You might consider your dependency stance. It would probably be easier for > you to simply maintain a single package with incremental version numbers > where each version contains all the fixes. I suspect that the number of > binaries that will change over the course of a release will be minor. The pkg_add tool takes care of this to some extent. If the FreeBSD-4.0p3 package depends on FreeBSD-4.0p2 which in turn depends on FreeBSD-4.0p1 and you attempt to pkg_add p3, it will either fetch and apply p1 and p2 from the same media before installing p3 or fail to install p3 with a helpful warning that p2 is not installed. In the case of installing the patches over the networking, there should not be a reason why you could fetch p3 but not p2 or p1. > The usefulness of this project will probably be very limited if you do not > address the kernel issue. Many security fixes that I have seen since I joined > the list have been if the form of kernel patches. I suppose it would be enough to install the related kernel.GENERIC and updated kernel source files. We would probably want to a way to disregard the source file updates unless the sources are already installed on the system. As I said, these are EXACTLY the issues I am addressing for my employer, and am both happy to share (and commit) my code, and to receive design help. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?391C8366.C63B2B44>