Date:      Fri, 12 May 2000 16:19:18 -0600
From:      Wes Peters <wes@softweyr.com>
To:        Brad Guillory <round@baileylink.net>
Cc:        Robert Watson <rwatson@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: Applying patches with out a compiler
Message-ID:  <391C8366.C63B2B44@softweyr.com>
References:  <200005121852.OAA89027@giganda.komkon.org> <Pine.NEB.3.96L.1000512145530.44824B-100000@fledge.watson.org> <20000512141525.F77275@baileylink.net>

Brad Guillory wrote:
> 
> I think that you have sound goals and achievable objectives, the ingredients
> for a successful project.  To accommodate the other camps (international
> version users for instance) I suggest that you make any tools and methodologies
> that you develop for the project available.

Yes, this does sound like a workable plan, and is in fact exactly what
I'm creating for DoBox.  I'm certainly glad to share whatever code I
write to support this, though the mechanisms may differ somewhat.

> You might consider your dependency stance.  It would probably be easier for
> you to simply maintain a single package with incremental version numbers
> where each version contains all the fixes.  I suspect that the number of
> binaries that will change over the course of a release will be minor.

The pkg_add tool takes care of this to some extent.  If the FreeBSD-4.0p3
package depends on FreeBSD-4.0p2 which in turn depends on FreeBSD-4.0p1
and you attempt to pkg_add p3, it will either fetch and apply p1 and p2
from the same media before installing p3 or fail to install p3 with a
helpful warning that p2 is not installed.  In the case of installing the
patches over the network, there should not be a reason why you could
fetch p3 but not p2 or p1.

> The usefulness of this project will probably be very limited if you do not
> address the kernel issue.  Many security fixes that I have seen since I joined
> the list have been in the form of kernel patches.

I suppose it would be enough to install the related kernel.GENERIC and
updated kernel source files.  We would probably want a way to disregard
the source file updates unless the sources are already installed on the
system.

As I said, these are EXACTLY the issues I am addressing for my employer,
and am both happy to share (and commit) my code, and to receive design help.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
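The cumulative patch-package chain discussed above (p3 depends on p2 depends on p1, with prerequisites pulled from the same media or a warning naming the missing one, and source-file updates skipped unless sources are present), modelled as an added example. This is not code from the thread or from FreeBSD's pkg_add; the package names, file paths and index are constructed for illustration.

```python
"""Model of the cumulative patch-package chain described in the mail."""

# Constructed package index: name -> (prerequisites, files the package installs).
# Names follow the hypothetical FreeBSD-4.0pN scheme from the mail; paths are made up.
PATCH_INDEX = {
    "FreeBSD-4.0p1": ((), ("/bin/example1",)),
    "FreeBSD-4.0p2": (("FreeBSD-4.0p1",), ("/usr/bin/example2",)),
    "FreeBSD-4.0p3": (("FreeBSD-4.0p2",),
                      ("/kernel.GENERIC", "/usr/src/sys/kern/example_fix.c")),
}


class MissingPrerequisite(Exception):
    """Raised when a prerequisite is neither installed nor on the media."""


def resolve(target, index, installed):
    """Return the packages to install, in order, so that `target` and every
    prerequisite end up installed. Already-installed packages are skipped;
    a prerequisite missing from the index aborts with a warning naming it."""
    order, seen = [], set()

    def visit(name):
        if name in installed or name in seen:
            return
        if name not in index:
            raise MissingPrerequisite(
                f"{name} is not installed and is not available on this media")
        seen.add(name)
        for dep in index[name][0]:
            visit(dep)          # prerequisites first, depth-first
        order.append(name)

    visit(target)
    return order


def files_to_install(order, index, have_sources):
    """Files the ordered packages would write. Updates under /usr/src are
    dropped unless the system already has the sources, as proposed above."""
    out = []
    for name in order:
        for path in index[name][1]:
            if path.startswith("/usr/src/") and not have_sources:
                continue
            out.append(path)
    return out
```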

