On Sat, Nov 08, 2008 at 01:32:49AM +0100, Jonas Smedegaard wrote: > >Part of the honest worry about these issues comes from very good > >reasons not to just trust everyone. But it also seems that e.g. Debian > >needs to widen its circle of trust to include experts in wider > >varieties of programming. There are plenty of trustworthy Smalltalkers > >and Squeakers, and there is absolutely no reason that some should not > >be on call to deal with perceived problems. > > Depending on interpretation, I think we all agree on that. Including the > Debian ftpmasters. > > Debian in reality trusts all upstreams. And ideally discuss any changes, > including security fixes, with upstream authors. > > At the same time, Debian in theory trusts no upstreams: Each Debian > package maintainer is expected to understand the maintained package(s) > well enough to ensure that the code is reliable. Yes, it is often an > impossible task. But still a sane goal, as long as not blindly assumed > working in reality. > > If you mean that Debian ought to trust upstream to fix bugs and take > care of security issues _instead_ of its own package maintainers, then I > disagree: I believe *both* upstream and the distribution-specific > routines should be applied in parallel. > > Some bugs and flaws can even be caused by the context of the > distribution, so impossible for upstream to spot. An obvious example is > a makefile generating a private key for strong encryption, and the > packaging routines then distributing same pre-compiled private key to > all systems worldwide. In theory upstream authors should have > distinguished the "configure", "build" and "install" phases, but reality > is much more complex. There are many more ways than even using > makefiles. As you would know - snapshotting your live "world" and > distributing that as "source"... :-)
Patches can be applied to an image quite easily from the command line: squeak upstream.image mypatch.cs This is also automatable from within squeak as well. The oldest and most reliable method is the squeak update stream, which applies a linear stream of patches to get from minor version to minor version. a .cs file (changeset) can run any squeak code to patch the image in any way possible, usually by changing the loaded code. -- Matthew Fulmer -- http://mtfulmer.wordpress.com/ _______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep