[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH vulnerability
> Sure. I can do that for me. What I want to achieve is an easy way for
> other users of OpenBSD (and indeed other operating systems) to patch their
> machines. One that's published, standardised and maybe even officially
so running patch -p0 < patch-file and following the directions is too
complicated all of a sudden? the faqs, webpages, and manpages weren't
written to practice typing.
> This improves the security of the whole installed base of OpenBSD. It
> helps the people who don't necessarily have the skills to construct the
> automation. And besides, having everyone roll their own automation takes
> them away from doing other useful stuff. How do we move forward if
> everyone is grubbing around in the muck for worms still - all the
> achievements of the human race are built by standing on the shoulders of
you don't have to make your own automation. read release(8). grab the
source. build it. distribute tarballs to the hosts you need to update.
> I think we have different definitions of the word "complain". I'm not
> complaining. I'm discussing. I'm sticking my hand up and saying that I'm
> happy to do some work to make this happen. That's not complaining.
> That's "participating".
so what work are you going to do to make this happen? what ideas do you
> Probably. I'm talking generally, not specifically about SSH. Any
> upgrade/update has the potential to cause you problems.
yes. x has the potential to do harm. where x is anything at all in life.
> Yes, the standard of OpenBSD patches is very high and you're _unlikely_ to
> run into problems if you follow the instructions. But it certainly is not
> impossible for a patch to break something. And no-one is immune to human
> error. So you would do well to at least account for the possibility in
> your upgrade thought process.
okay. so human error is taken into account. the upgrade process is
streamlined and made easier somehow via fool proofing. a much more inept
type of fool is found.
you seem to forget that the openbsd team does not have an infinite
amount of resources. it's enough of a challenge backporting patches to
3.0 and 3.1 in a timely manner. what do you want exactly? re-built
binaries and libraries too?
who's going to cover the increased cost of bandwidth when re-rolled
userland packages are distributed rather than small patches to
accomodate the people who are "discussing"?
openbsd does not cater to the lowest common denominator.