Date: Sat, 19 Sep 2015 02:35:42 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Roger Marquis <marquis@roble.com> Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: HTTPS on freebsd.org, git, reproducible builds Message-ID: <86fv2bw8ip.fsf@nine.des.no> In-Reply-To: <20150918140821.62C8885B8@smtp.des.no> (Roger Marquis's message of "Fri, 18 Sep 2015 07:07:59 -0700 (PDT)") References: <CAD2Ti2_YNkNi2b=PzFCwu3PVaP8hOzADys3=-k0AqvsDRhJpzA@mail.gmail.com> <86vbb7dhaa.fsf@nine.des.no> <20150918134659.GB28949@FreeBSD.org> <20150918140821.62C8885B8@smtp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis <marquis@roble.com> writes: > This issue is one of the reasons secure sites do not use binary packages > or freebsd-update. It also illustrates problems admins have when > required to buildworld/installworld when all they should need to do is > "cd /usr/src/crypro/openssh&&make install" (for example). Does anyone > have a link to the archived discussion detailing why this functionality > was deprecated? It has not been deprecated. If you're referring upgrading instructions in security advisories etc., they generally just say "build and install world" because providing precise instructions for an incremental rebuild would require much more work on secteam's part, and there would be a significant risk of error both on secteam's and the user's part. Here's the correct sequence for OpenSSH: # cd /usr/src/secure # for d in lib/libssh */s* ; do (cd $d && make cleandir && make obj && make= depend all install) ; done # service sshd restart DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86fv2bw8ip.fsf>