Re: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH vulnerability



> Sure.  I can do that for me.  What I want to achieve is an easy way for
> other users of OpenBSD (and indeed other operating systems) to patch their
> machines.  One that's published, standardised and maybe even officially
> blessed.

so running patch -p0 < patch-file and following the directions is too
complicated all of a sudden? the faqs, webpages, and manpages weren't
written to practice typing.


> This improves the security of the whole installed base of OpenBSD.  It
> helps the people who don't necessarily have the skills to construct the
> automation.  And besides, having everyone roll their own automation takes
> them away from doing other useful stuff.  How do we move forward if
> everyone is grubbing around in the muck for worms still - all the
> achievements of the human race are built by standing on the shoulders of
> others.

you don't have to make your own automation. read release(8). grab the
source. build it. distribute tarballs to the hosts you need to update.
easier?


> I think we have different definitions of the word "complain".  I'm not
> complaining.  I'm discussing.  I'm sticking my hand up and saying that I'm
> happy to do some work to make this happen.  That's not complaining.
> That's "participating".

so what work are you going to do to make this happen? what ideas do you
have?


> Probably.  I'm talking generally, not specifically about SSH.  Any
> upgrade/update has the potential to cause you problems.

yes. x has the potential to do harm. where x is anything at all in life.


> Yes, the standard of OpenBSD patches is very high and you're _unlikely_ to
> run into problems if you follow the instructions.  But it certainly is not
> impossible for a patch to break something.  And no-one is immune to human
> error.  So you would do well to at least account for the possibility in
> your upgrade thought process.

okay. so human error is taken into account. the upgrade process is
streamlined and made easier somehow via foolproofing. a much more inept
type of fool is found.


you seem to forget that the openbsd team does not have an infinite
amount of resources. it's enough of a challenge backporting patches to
3.0 and 3.1 in a timely manner. what do you want exactly? re-built
binaries and libraries too?


who's going to cover the increased cost of bandwidth when re-rolled
userland packages are distributed rather than small patches to
accommodate the people who are "discussing"?


openbsd does not cater to the lowest common denominator.