Re: HEADS UP: Release schedule for 2006

From: Kövesdán Gábor <gabor.kovesdan_at_t-hosting.hu>
Date: Sat, 17 Dec 2005 23:35:34 +0100
Wilko Bulte wrote:

>On Sat, Dec 17, 2005 at 01:54:34PM -0800, Joe Rhett wrote..
>  
>
>>On Fri, Dec 16, 2005 at 12:04:05AM -0700, Scott Long wrote:
>>    
>>
>>>There will be three FreeBSD 6 releases in 2006.
>>>      
>>>
>>While this is nice, may I suggest that it is time to put aside/delay one
>>release cycle and come up with a binary update mechanism supported well by
>>the OS?  Increasing the speed of releases is good.  Increasing the number
>>of deployed systems out of date because there are no easy binary upgrade
>>mechanisms is bad.
>>
>>It has been bad, it's getting worse.
>>    
>>
>
>So, when will you fix it?  Or hire someone to fix it?  FreeBSD after
>all is mostly a volunteer operation.
>
>  
>
I agree. And after all, tracking a security branch isn't too difficult, 
but the most people think that they have to do a complete "make 
buildworld" after a security advisory, but this isn't true. For example 
there was that cvsbug issue in September:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
One can read here:

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/gnu/usr.bin/cvs/cvsbug
# make obj && make depend && make && make install
# cd /usr/src/gnu/usr.bin/send-pr
# make obj && make depend && make && make install

Is that difficult? I don't think so. No reboot required and it doesn't 
take more than 5 minutes even on a slower machine. Only the 
vulnerabilities in the kernel are problematic for servers, since they 
require a reboot. I think I'll submit a PR with a patch to clarify this 
in Handbook. Do you consider this useful?

Regards,

Gabor Kovesdan
Received on Sat Dec 17 2005 - 21:35:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:49 UTC