
Re: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH vulnerability



On Wed, Jun 26, 2002 at 08:31:51PM +1000, adrian@close.wattle.id.au said:
[snip]
> This improves the security of the whole installed base of OpenBSD.  It
> helps the people who don't necessarily have the skills to construct the
> automation.  And besides, having everyone roll their own automation takes
> them away from doing other useful stuff.  How do we move forward if
> everyone is grubbing around in the muck for worms still - all the
> achievements of the human race are built by standing on the shoulders of
> others.

Hear, hear.

> > > Wouldn't it be better if we spent that lost day doing something more
> > > productive?
> > like complaining on mailing lists?
>
> I think we have different definitions of the word "complain".  I'm not
> complaining.  I'm discussing.  I'm sticking my hand up and saying that I'm
> happy to do some work to make this happen.  That's not complaining.
> That's "participating".

I'm willing to help with this project. I have done similar things, on a small
and quick 'n dirty level, regarding automating upgrades in the past. I'd like
to see a piece of software available that can be used to automate widespread
upgrades too. Such a beast would be very useful to those of us in large-scale
environments.

> > it's a daemon upgrade. it's not like the whole machine is going to be
> > brought down because ssh failed to build.

Maybe not, but if ssh is down, and you don't have a console server (yes, some
of us don't have every box attached to a console server), it can end up being
bad news.

> Yes, the standard of OpenBSD patches is very high and you're _unlikely_ to
> run into problems if you follow the instructions.  But it certainly is not
> impossible for a patch to break something.  And no-one is immune to human
> error.  So you would do well to at least account for the possibility in
> your upgrade thought process.

Besides all that, being able to run an upgrade on X machines (for large
values of X) by simply issuing a command from an admin box, is a VERY
attractive proposition. It means I can spend the time I would have spent
doing repetitious tasks on something else.
--
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
