> After some years of other unices, I finally got a chance to have a go at > a very interesting project with openbsd (redundant hot failover ipsec > gateway + firewall). Everything works just fine up to now, but when I > tried to determine how to further manage (update, patch) the boxes, I > stumbled about some questions that neither google nor openbsd.org nor > various searchable archives could solve or I was not cabable of > understanding. Maybe somebody here more literate that me can help me out > with some pointers. > > Systems were installed with 3.7 from /pub/OpenBSD/3.7/i386/floppy37.fs > and ftp set files (bsd, bsd.rd, base, etc, comp, misc, man). Then added > sys.tar.gz and src.tar.gz to /usr/src. I want to follow the -stable branch. > > 1) With the above install lots of software came onto my disk that I do > not want nor need (named, httpd, inetd ...). How can I get rid of those > in a consistent way, since they don't show in pkg_info?
You don't get rid of it. Is it hurting you? It is not even denting your disk. > 2) I assume that the answer to the following question is "yes", but I'd > like to double-check: Is there really no way to upgrade a single > package/program to a recent version in a consistent way? No. There is no particular need. > 3) At the time I installed the systems, openssl.org was at version 0.98. > Openbsd 3.7 still came with openssl 0.97d. What about the various > issues/bugs that have been raised against the openssl versions since > 0.97d (ASN parsing etc.)? Do I just have to wait for 3.8 to have them > fixed or have the fixes been backported and are already included in > 3.7-stable? Or were they just not severe enough to be considered for > patching? I've cvs up'd and recompiled the whole system just now and > openssl remains at 0.97d. You wait. If those issues were more than minor (or irrelevant, since the Linux vendors love to cry wolf about stuff that doesn't matter) we would have a patch with instructions. > 4) Are patched binary packages released if there is a patch to the > source? If yes, do those packages carry the same version numbers as the > original one or do they have new ones? No. There are no patches. > You see: The openbsd software management concept is rather arcane to me. > Would somebody shed a little light for a lost soul? Hints? Pointers? Howtos? The basic summary is that we try to fix the bugs before we ship the software. Yes, I know... that's a radical departure from the way that most of the operating system vendors operate. (I suppose a basic premise is that we don't really get money from more people the first time around, so we don't need to ship them busted software so that they will upgrade to newer releases and give us money. They just don't give us money, so there is no need to ship broken software).
