From owner-freebsd-questions@freebsd.org  Sat Sep 19 00:35:44 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 024F5A03858;
 Sat, 19 Sep 2015 00:35:44 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
 by mx1.freebsd.org (Postfix) with ESMTP id BBB271BD4;
 Sat, 19 Sep 2015 00:35:43 +0000 (UTC) (envelope-from des@des.no)
Received: from nine.des.no (smtp.des.no [194.63.250.102])
 by smtp.des.no (Postfix) with ESMTP id 4B3EA8A7F;
 Sat, 19 Sep 2015 00:35:42 +0000 (UTC)
Received: by nine.des.no (Postfix, from userid 1001)
 id 1B7DE8383; Sat, 19 Sep 2015 02:35:42 +0200 (CEST)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Roger Marquis <marquis@roble.com>
Cc: freebsd-security@freebsd.org,  freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com>
 <86vbb7dhaa.fsf@nine.des.no> <20150918134659.GB28949@FreeBSD.org>
 <20150918140821.62C8885B8@smtp.des.no>
Date: Sat, 19 Sep 2015 02:35:42 +0200
In-Reply-To: <20150918140821.62C8885B8@smtp.des.no> (Roger Marquis's message
 of "Fri, 18 Sep 2015 07:07:59 -0700 (PDT)")
Message-ID: <86fv2bw8ip.fsf@nine.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Sep 2015 00:35:44 -0000

Roger Marquis <marquis@roble.com> writes:
> This issue is one of the reasons secure sites do not use binary packages
> or freebsd-update.  It also illustrates problems admins have when
> required to buildworld/installworld when all they should need to do is
> "cd /usr/src/crypro/openssh&&make install" (for example).  Does anyone
> have a link to the archived discussion detailing why this functionality
> was deprecated?

It has not been deprecated.  If you're referring upgrading instructions
in security advisories etc., they generally just say "build and install
world" because providing precise instructions for an incremental rebuild
would require much more work on secteam's part, and there would be a
significant risk of error both on secteam's and the user's part.  Here's
the correct sequence for OpenSSH:

# cd /usr/src/secure
# for d in lib/libssh */s* ; do (cd $d && make cleandir && make obj && make=
 depend all install) ; done
# service sshd restart

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no