On Sat, Mar 25, 2017 at 08:49:22AM +0000, Andreas Thulin wrote:
> Hi all!
>

Hey!

> I'm running 6.0 -stable using openup for patching. I think it works very
> well since it's so convenient. At the same time I realise there are trust
> and security concerns with people like myself, who "blindly" install
> patches without understanding the details. I suppose my problem is that I'm
> not a developer and cannot make a fair assessment just by reading code, so
> neither patch method would be secure for me. I'm the risk, so to speak.
>

I'm not familiar with openup, but the official patches are always described at:
https://www.openbsd.org/errata60.html (for 6.0). The official patches are
cryptographically signed.

> Anyway, to my question(s): Is openup considered good or bad practise, and
> for what reasons, as you see them? Have there ever been plans among OpenBSD
> developers to make following -stable easier for "users" such as myself?
>
> I failed to find enough info about this topic in the archives, but please
> point me in the right direction if you happen to know about applicable
> threads.
>

OpenBSD 6.1 will have the (new) syspatch(8) tool for base system binary patches:
http://man.openbsd.org/syspatch.8 .

> Humbly,
> Andreas
>

--
Kind regards,
Hiltjo

