Subject: Re: today's openssh version 3.7
To: Michael G. Schabert <mikeride@mac.com>
From: Frederick Bruckman <fredb@immanent.net>
List: current-users
Date: 09/19/2003 09:02:25

On Fri, 19 Sep 2003, Michael G. Schabert wrote:

> At 10:36 AM +0200 9/19/03, Christian Limpach wrote:
> >
> >I'd hope that at some point we'd be able to provide binary updates which
> >include only the updated files and can be extracted over an installed
> >system.

"Me, too."

> Too many architectures, too many updates. Between 1.6.0 and now (on
> release), there have been hundreds of little changes pulled up at
> various times. While you could only do the ones with security
> advisories about them, you'd be missing the other fixes to the base
> system. This really needn't ever be done for -current IMO (we're
> discussing this on current-users)... -current users take
> responsibility for their own systems and should be able to update
> parts (or the whole) as necessary.

No, of course it doesn't make any sense to do it for current -- you
have frequent, complete snapshots for updating current -- and as far
as non-security fixes to the branch, that's what the next release is
for. For fixes for critical problems in the latest release, it would
be nice to have binary mini-patch-releases labeled
"NetBSD-1.6.1-SAnnnnnnn". "syspkgs" aren't the answer to this, either,
since there's no way to know at the time the packages are demarked
exactly which binaries will turn out to be vulnerable; it just
requires more resources than we've ever had available, so far.

Frederick