DragonFly kernel List (threaded) for 2006-02
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: pkgsrc packaging of base?
David Kirchner <dpk@xxxxxxx> wrote:
> Paul Allen <pallen@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> > The defining feature of the base system in FreeBSD is a set
> > of libraries whose versioning is considered as a set and where
> > library number bumps are carefully planned with respect to
> > changes. Thus ensuring that it is relatively easy to run old
> > binaries on new systems, and ensuring that you are usually
> > free of upgrade hell--within the scope of the basesystem.
> > (at least that is the goal....)
> >
> > Furthmore these library changes are carefully matched to
> > changes in the sysctl's, ioctls, and syscalls.
> >
> > This is a golden bit of work that makes FreeBSD work well
> > (and that Dragonfly has inherited).
>
> It makes it work well right up until gzip or some other program ends
> up with a security hole, and then you have to either manually patch it
Which is usually very easy.
> (having no way to verify later if it was patched other than 'md5')
The patches should increase the RCS/CVS ID, so you can use
ident(1) on the binary.
> or upgrade the entire OS to -STABLE.
Which is usually quite easy, too.
There's a third possibility: Download a patched binary.
Same effect as manually patching and compiling it, but
some people might prefer not to do that themselves.
> Without packaging up the base system, updating a small amount of
> servers (100 or so) becomes a very difficult task
Uhm, I've done that in the past (FreeBSD). It's not
difficult at all, provided that the server farm has
been designed and set up in a reasonable way (with
updating in mind, right from the beginning).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]