Date: Fri, 12 May 2000 15:00:47 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Igor Roshchin <str@giganda.komkon.org>
Cc: David Pick <D.M.Pick@qmw.ac.uk>, freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
Message-ID: <Pine.NEB.3.96L.1000512145530.44824B-100000@fledge.watson.org>
In-Reply-To: <200005121852.OAA89027@giganda.komkon.org>

One of the simplifying assumptions here that makes the whole idea of binary
security updates feasible is that you are working from a well-known code
base. The service I'm willing to provide (and have time to provide) would
specifically target the most recent -RELEASE version, and be intended to
apply on an otherwise un-modified system. I would provide both KerberosIV
and non-Kerberos versions, as I support Kerberos on some of my own
machines; however, if it's going to get any more complicated than that, I
don't have time to implement it, but would be glad for someone else to
pick up the project.

My thoughts on dependencies, et al, have been:

1) Binary patches will only be available against the most recent -RELEASE

2) Binary patch packages will depend on all prior binary patches being
   installed

3) Source patches used to build the binary patched version seem like a good
   idea.

All of this is centered on requiring a very well-defined environment, in
which the patch will not break other patches installed, introduce new
holes, et al. As I said above, anything more complicated requires
rethinking, and should be done in the context of source revision control,
etc. This addresses only security concerns; if we want sliding version
management in a binary manner across -STABLE, that's another target for
another project :-).

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
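
The dependency rules in the message above, written out as a pre-apply check. This is an added example, not code from the post or from FreeBSD; the dict layout, field names, release placeholder and the SHA-256 comparison used to enforce "otherwise un-modified" are assumptions.

```python
"""Pre-apply check for a binary security patch (hypothetical data layout)."""
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def refusal_reasons(patch: dict, system: dict) -> list:
    """Return why `patch` must not be applied to `system`; empty list means go."""
    reasons = []
    # Patches are built only against one well-known -RELEASE and build variant.
    if system["release"] != patch["release"]:
        reasons.append("release mismatch")
    if system["variant"] != patch["variant"]:
        reasons.append("variant mismatch")
    # Each patch depends on every earlier patch in the series being installed.
    installed = set(system["installed"])
    if patch["seq"] in installed:
        reasons.append("already installed")
    missing = [n for n in range(1, patch["seq"]) if n not in installed]
    if missing:
        reasons.append("missing prior patches: %s" % missing)
    # Assumed way to enforce "otherwise un-modified": every file to be replaced
    # must hash to the value the patch builder saw (release + prior patches).
    for path, expected in patch["expected_sha256"].items():
        content = system["files"].get(path)
        if content is None or digest(content) != expected:
            reasons.append("modified or absent: %s" % path)
    return reasons

# Constructed sample data; release name, path and contents are placeholders.
PATCH_3 = {
    "release": "N.N-RELEASE", "variant": "non-kerberos", "seq": 3,
    "expected_sha256": {"/usr/bin/example": digest(b"binary after patch 2")},
}
CLEAN = {
    "release": "N.N-RELEASE", "variant": "non-kerberos", "installed": [1, 2],
    "files": {"/usr/bin/example": b"binary after patch 2"},
}
SKIPPED = dict(CLEAN, installed=[1])            # patch 2 never applied
REBUILT = dict(CLEAN, files={"/usr/bin/example": b"locally rebuilt binary"})
KERBEROS = dict(CLEAN, variant="kerberosIV")    # wrong build variant

if __name__ == "__main__":
    for name, host in [("clean", CLEAN), ("skipped", SKIPPED),
                       ("rebuilt", REBUILT), ("kerberos", KERBEROS)]:
        print(name, refusal_reasons(PATCH_3, host) or "ok to apply")
```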