Re: Introducing the patchadd binary patch toolchain

[Elad Efrat <elad%NetBSD.org@localhost>]

Forgot to add, that

On Wed, Apr 29, 2009 at 9:02 PM, Elad Efrat <elad%netbsd.org@localhost> wrote:

>> I think the main risk is at the production level.  If it is not easy
>> enough, it will be too much for the time releng@ and s-o@ have.
>
> There are more "risks", but let me paste item #4 for the producers
> from my original email:
>
>   4. After the new files are built, generate updates. This is done using
>      the -G flag. For example, if you just rebuilt for
>      NetBSD-UP2007-0001, and want to generate updates for it:
>
>        haze -G -U NetBSD-UP2007-0001
>
>      The updates will show up in the output dir, /tmp by default, and
>      will be in the form of NetBSD-UP2007-0001-4.0-amd64.tar.gz.

and

        Generate a security advisory skeleton for an update:

          haze -S -U NetBSD-UP2006-0001

> The process, unless obvious, is like this:
>  1. Write the description of the issue -- mostly just the stuff
> that'd go into a SA (or use a tool to generate it)
>  2. Fix the issue in the code, run the build (or have the autobuild
> do it automatically, or whatever)
>  3. After the build finished, run a single command (that can probably
> be attached to the autobuild very easly)

  4. Generate a security advisory with a single command

-e.