On Apr 15, 2007, at 3:09 AM, Stuart Henderson wrote:

On 2007/04/15 02:37, Bryan Vyhmeister wrote:
The original poster seemed to be asking more about an incremental
update system. Maybe that's the wrong term but something along the
lines of the name-your-favorite-linux-distribution setup. An example
might be yum in CentOS (and others) or apt-get in Debian. This seems
like a much more complicated option. While possible, it would take a
lot of work. Any thoughts on this part?

That follows from the "base OS" being a bunch of unrelated packages
as done in most Linux distributions.

That's very true and that is one big reason why I like OpenBSD so much.

One way of doing this would be to provide a tarball that contains all
of the affected files or binaries relevant to the particular fix or
possibly one large tarball with every fix for -stable up to that
point. This could be installed with tar or even a nice little shell
script. What about this?

I run -current on most systems, but I would imagine that many people
who made the more conservative decision to run -stable rather than
-current would probably prefer not to trust third-party binaries
either.

(As an aside, how often do you update your -current systems and do you run -current on production servers?)

I realize that this is always the issue when you are dealing with non-official binaries. In a production environment, I do build my own releases and all to use internally but I also recognize that this can be a pain for some people. Certain architectures like mac68k take next to forever to finish a release. The last time I tried with 3.9, it took a week and then failed with something. As soon as 4.1 has some security errata, I am going to attempt the build again on mac68k. It isn't worth it with 4.0 now that 4.1 is right around the corner. Of course this brings up the point that in a production setting, you really would have no good reason to be using mac68k machines. Other more powerful architectures can be patched pretty easily.

I guess the ideal really would be for someone to put the work into developing a good way to distribute an update tarball like I referred to above and then this work could be integrated into the base system or something. Whoever put the work into this could I suppose do the work of creating the tarballs but these "official" updates could be distributed through the usual mirrors and such. That would be nice but reality sets in. I may just start fiddling around with this concept when I have a little more time.

Bryan
