Thanks Sebastien, Here’s a new rewrite with your contributions.
If I may, I’d suggest to keep this list item short, as a summary, and maybe write a longer section on the FAQ expanding on it with more detail. If you feel that’s appropriate, I can volunteer to write it too. Carlos Index: faq9.html =================================================================== RCS file: /cvs/www/faq/faq9.html,v retrieving revision 1.113 diff -c -r1.113 faq9.html *** faq9.html 11 May 2015 11:18:30 -0000 1.113 --- faq9.html 29 Jun 2015 08:15:15 -0000 *************** *** 133,138 **** --- 133,153 ---- will be corrected rapidly, not something that will be permitted to continue. + <li>Binary packages are available to install new software through + pkg_add(1), but there are no binary security updates. The team has no resources + to constantly compile binaries for all architectures, they do it only + every -release. You can build your own packages from ports(7). + Thus, unlike Linux distributions, which come with a + package manager which takes care of updates (<tt>yum</tt>, + <tt>apt-get</tt>, etc), there is no single command to update the system + to the latest binary status. Keeping up-to-date (including security errata) + is a bit different. You can either (1) upgrade every -release, + (2) apply patches from<a href="../errata">errata</a> or (3) follow + <a href="../stable">-stable</a>. Binary updates may be obtained + from <a href="https://stable.mtier.org";>a third party</a> for the i386 + and amd64 architectures for the base system, using the same mechanism + than for ordinary packages, and standard packages, for -stable.</li> + <li>OpenBSD has gone through heavy and continual security auditing to ensure the quality (and thus, security) of the code. > On 29 Jun 2015, at 06:54, Sebastien Marie <[email protected]> wrote: > > Hi, > > I would just do some comments inline. > > On Sun, Jun 28, 2015 at 07:20:51PM +0200, Carlos Fenollosa wrote: >> Hi, >> >> I’ve recently discovered OpenBSD after using Linux for more than 15 years. I >> wrote >> a blog article with my impressions and some other users suggested me to >> patch >> faq9.html to help other users migrating. >> >> This patch is regarding the fact that there are no binary updates, which is >> a given thing >> in most Linux distributions, and some tips on how to keep the system updated. >> Since English is not my first language, before merging the patch, please >> make sure the >> wording is proper. >> >> If you think the issue may be interesting to elaborate on, I could write a >> guide of improve >> on stable.html to help newcomers adapt to this method of keeping up to date. >> >> Here’s the whole article if anybody’s interested: >> http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html >> >> Thanks! >> Carlos >> >> PS: This is my first patch, I’m sending it inline as suggested by >> http://www.bsdnow.tv/tutorials/patching-obsd. Apologies if this is not the >> right way. > > it is the good way. thanks for contributing. > >> Index: faq9.html >> =================================================================== >> RCS file: /cvs/www/faq/faq9.html,v >> retrieving revision 1.113 >> diff -u -p -r1.113 faq9.html >> --- faq9.html 11 May 2015 11:18:30 -0000 1.113 >> +++ faq9.html 28 Jun 2015 17:19:45 -0000 >> @@ -133,6 +133,18 @@ The tree is occasionally broken, but thi >> will be corrected rapidly, not something that will be permitted to >> continue. >> >> +<li>There are no binary security updates. The team has no resources >> +to constantly compile binaries for all architectures, they do it only >> +every -release. > >> Thus, unlike Linux distributions, which come with a >> +package manager which takes care of updates (<tt>yum</tt>, >> +<tt>apt-get</tt>, etc), there is no single command to update the system >> +to the latest binary status. > > It is a bit more complex. The package manager under OpenBSD is > pkg_add(1). It is perferctly able to do binaries updates of packages > (note we speak about packages, not the base system). > > But as you noted previously, no binary packages for security updates are > provided for -stable. And if pkg_add(1) haven't a suitable source of > updated packages, it couldn't do it. > > Now, when you build your own packages from ports(7) (after updating it), > the system will build a binary package. And pkg_add(1) will update your > system with this new (updated) package (make install will invoke > pkg_add). > >> Keeping up-to-date (including security errata) >> +is a bit different. You can either (1) upgrade every -release, >> +(2) apply patches from<a href="../errata">errata</a> or (3) follow >> +<a href="../stable">-stable</a>. Binary updates may be obtained >> +from <a href="https://stable.mtier.org";>a third party</a> for the i386 >> +and amd64 architectures.</li> > > mtier provide third party packages for the -stable version for: > - base system (using the same mecanism than for ordinaries packages). > As it is for -stable, it includes errata. > > - standard packages. As it is for -stable, it includes security > updates for packages. > > Thanks. > -- > Sebastien Marie
