From: Adrian Close (adrianclose.wattle.id.au)
Date: Wed Jun 26 2002 - 05:31:51 CDT

    On Wed, 26 Jun 2002, jolan wrote:

    > it's not a problem. install expect and write a script that connects to
    > all of your hosts and patches them. it would require a trivial amount
    > of effort to automate the process.

    Sure. I can do that for me. What I want to achieve is an easy way for
    other users of OpenBSD (and indeed other operating systems) to patch their
    machines. One that's published, standardised and maybe even officially
    blessed.

    This improves the security of the whole installed base of OpenBSD. It
    helps the people who don't necessarily have the skills to construct the
    automation. And besides, having everyone roll their own automation takes
    them away from doing other useful stuff. How do we move forward if
    everyone is grubbing around in the muck for worms still - all the
    achievements of the human race are built by standing on the shoulders of
    others.

    > > Wouldn't it be better if we spent that lost day doing something more
    > > productive?
    > like complaining on mailing lists?

    I think we have different definitions of the word "complain". I'm not
    complaining. I'm discussing. I'm sticking my hand up and saying that I'm
    happy to do some work to make this happen. That's not complaining.
    That's "participating".

    > it's a daemon upgrade. it's not like the whole machine is going to be
    > brought down because ssh failed to build.

    Probably. I'm talking generally, not specifically about SSH. Any
    upgrade/update has the potential to cause you problems.

    Yes, the standard of OpenBSD patches is very high and you're _unlikely_ to
    run into problems if you follow the instructions. But it certainly is not
    impossible for a patch to break something. And no-one is immune to human
    error. So you would do well to at least account for the possibility in
    your upgrade thought process.

    Adrian Close email: adrianclose.wattle.id.au
    1 Old Gippsland Rd. web: http://www.close.wattle.id.au/~adrian
    Lilydale, VIC, 3140, Australia mobile: +61 412 385 201