[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH vulnerability
On Wed, Jun 26, 2002 at 08:31:51PM +1000, email@example.com said:
> This improves the security of the whole installed base of OpenBSD. It
> helps the people who don't necessarily have the skills to construct the
> automation. And besides, having everyone roll their own automation takes
> them away from doing other useful stuff. How do we move forward if
> everyone is grubbing around in the muck for worms still - all the
> achievements of the human race are built by standing on the shoulders of
> > > Wouldn't it be better if we spent that lost day doing something more
> > > productive?
> > like complaining on mailing lists?
> I think we have different definitions of the word "complain". I'm not
> complaining. I'm discussing. I'm sticking my hand up and saying that I'm
> happy to do some work to make this happen. That's not complaining.
> That's "participating".
I'm willing to help with this project. I have done similar things, on a small
and quick 'n dirty level, regarding automating upgrades in the past. I'd like
to see a piece of software available that can be used to automate widespread
upgrades too. Such a beast would be very useful to those of us in large-scale
> > it's a daemon upgrade. it's not like the whole machine is going to be
> > brought down because ssh failed to build.
Maybe not, but if ssh is down, and you don't have a console server (yes, some
of us don't have every box attached to a console server), it can end up being
> Yes, the standard of OpenBSD patches is very high and you're _unlikely_ to
> run into problems if you follow the instructions. But it certainly is not
> impossible for a patch to break something. And no-one is immune to human
> error. So you would do well to at least account for the possibility in
> your upgrade thought process.
Besides all that, being able to run an upgrade on X machines (for large
values of X) by simply issuing a command from an admin box, is a VERY
attractive proposition. It means I can spend the time I would have spent
doing repetitious tasks on something else.
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
[demime 0.98d removed an attachment of type application/pgp-signature]