Date:      Wed, 10 Jul 2002 14:20:53 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Rahul Siddharthan <rsidd@online.fr>
Cc:        Alexey Dokuchaev <danfe@regency.nsu.ru>, Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, arch@freebsd.org
Subject:   Re: Package system wishlist
Message-ID:  <3D2CA535.EC11BDA1@mindspring.com>
References:  <20020710210509.GA686@lpt.ens.fr>

Rahul Siddharthan wrote:
> > It is a prerequisite for:
> >
> > o       Ability to do binary upgrades of the base system in order to
> >         automatically (e.g. via cron) obtain, and optionally install,
> >         security and other fixes.
> 
> For people who are running -release, what about having an executable
> shell script, which contains uuencoded patched binaries and, when
> executed, unpacks them and installs them to the proper locations (like
> the shell-script "installers" provided by some commercial software
> vendors), overwriting the old binaries?
> 
> For people who're running -stable, well, I suppose they don't mind a
> make world.  But such a shell archive may still work.
> 
> The full bells-and-whistles of a package/ports system are needed for
> clean uninstalling and dependency tracking.  For security fixes in the
> base system, it seems to me, it's overkill.


o	I would like to be able to run a cron job that fetches a
	file of path names to files that are part of my current
	release, and known to have had security problems, and
	corresponding MD5 hashes of the fixed files, to compare
	to, and issue a security report and/or automatically add
	security patches to the system.

o	I would like to be able to redefine any release from being
	"Release X" to "Release X plus all relevant security patches"
	or "Release X plus all relevant security and performance
	patches", as a site local option.

This is mostly an issue for an installed system with poor upgrade
prospects, but a long life expectancy, e.g. for RackSpace.com or
a similar situation.

The combinatorics for a large number of patches which accumulate
slowly over time end up making this problematic.

I can re-donate my "patchkit" code, but that means serializing
security updates through a human being, and applying them all
in order, even if one update completely overwrites the contents
of another (i.e. "download 4M of obsolete binaries" ... "download
4M again").  8-).

-- Terry
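
Added example, not part of the original message or of any FreeBSD tool: a sketch of the comparison step of the cron job described in the first item, checking installed files against a fetched list of path names and the MD5 hashes of their fixed versions. The manifest line format (`<md5hex> <absolute path>`), the function names and the sample tree are assumptions; MD5 is used only because the message names it.

```python
import hashlib
import os
import re
import tempfile

def md5_of(path):
    """Hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Yield (path, md5hex) from lines of the assumed form '<md5hex> <absolute path>'."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition(" ")
        digest, path = digest.lower(), path.strip()
        if not re.fullmatch(r"[0-9a-f]{32}", digest):
            raise ValueError(f"line {n}: bad MD5 field")
        if not path.startswith("/") or ".." in path.split("/"):
            raise ValueError(f"line {n}: path must be absolute, without '..'")
        yield path, digest

def audit(manifest_text, root="/"):
    """Return {path: 'fixed' | 'unpatched' | 'absent'} for files under root."""
    report = {}
    for path, fixed_md5 in parse_manifest(manifest_text):
        local = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(local):
            report[path] = "absent"      # not installed on this host
        elif md5_of(local) == fixed_md5:
            report[path] = "fixed"
        else:
            report[path] = "unpatched"   # differs from the fixed file
    return report

def demo():
    """Audit a constructed file tree against a constructed manifest."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for name, data in (("patched", b"fixed build\n"), ("stale", b"old build\n")):
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data)
        good = hashlib.md5(b"fixed build\n").hexdigest()
        manifest = "".join(f"{good}  /usr/bin/{n}\n" for n in ("patched", "stale", "gone"))
        return audit(manifest, root)
```

A hash manifest only reports which files differ from the fixed versions; if patches are to be installed automatically, the manifest and the patch files also have to be authenticated (for example by signature), which the message does not cover.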
