From owner-freebsd-security  Mon Dec 18  2:47:28 2000
From owner-freebsd-security@FreeBSD.ORG  Mon Dec 18 02:47:24 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from nevermind.kiev.ua (unknown [212.109.53.33])
	by hub.freebsd.org (Postfix) with ESMTP id 3FB2D37B404
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Dec 2000 02:47:22 -0800 (PST)
Received: (from never@localhost)
	by nevermind.kiev.ua (8.11.1/8.11.1) id eBIAkYT52263;
	Mon, 18 Dec 2000 12:46:34 +0200 (EET)
	(envelope-from never)
Date: Mon, 18 Dec 2000 12:46:34 +0200
From: Nevermind <never@nevermind.kiev.ua>
To: Roman Shterenzon <roman@xpert.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security Update Tool..
Message-ID: <20001218124634.G607@nevermind.kiev.ua>
References: <20001218112508.E607@nevermind.kiev.ua> <Pine.LNX.4.30.0012181237220.5701-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.30.0012181237220.5701-100000@jamus.xpert.com>; from roman@xpert.com on Mon, Dec 18, 2000 at 12:38:46PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello, Roman Shterenzon!

On Mon, Dec 18, 2000 at 12:38:46PM +0200, you wrote:

> On Mon, 18 Dec 2000, Nevermind wrote:
> 
> > > 5) check against /var/db/pkg/* (revisions, and before it was invented -
> > > dates, yes, I know it's weak, but I've nothing to with it).
> > > 6) depending on running mode, complain or upgrade (pkg_delete; pkg_install
> > > -r)
> > I think it would be much better if user will have an ability to choose if he
> > wants to install binary update or to build it from source.
> 
> hmm.. I can make it an option, but tell me, why? if user has some local
> modifications, he'll prefer doing it by himself anyway, and by the time
> advisory is released the binary probably exists already.
Because, maybe user wants to give some specific options to compiler, or maybe
he wants to audit code to know what does it fixes and so on, there are a lot of
reasons to do this way. I think this should be an option, but, as for me the
default should be binary update, so unexperienced users won't blame you and
other FreeBSD developers about non-compiling due to his local gcc/autoconf/etc
problems. For experienced, who wants to know how does it works updating from
source is much more better. For example I use pkg_version(1) to determine what
ports should be updated, and then manually audit patches and comments before
real updating.

I think I explained my position in clear way, even if my English is very bad.


-- 
Alexandr P. Kovalenko	http://nevermind.kiev.ua/
NEVE-RIPE


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message