Patches & Modules - Questions and your Opinion?

Kok, Auke sofar at foo-projects.org
Mon Mar 17 18:10:44 CET 2008


Jean-Michel Brünn wrote:
> Hello,
> 
> i have short questions about patches and modules in moonbase. If i remember
> correct we want patches for modules only if they're needed. So my questions:
> 
> 1. Who defines wether a patch is needed?

you

> 2. How about patches like branch updates from official side, fixing bugs,
> possibly not critical bugs.

if we need those patches because something breaks then we should add them. if
nothing breaks then we don't care.

a good example is gcc: sometimes the fixes are really badly needed and sometimes
they are for some obscure arch, and we don't care at all. same for the kernel.

> 3. How about patches giving optionally more security or adding features?

that's really a fuzzy term ("more security") and I don't see that we should waste
much time on that. there is not really a lot of demand in the lunar community for
"super secure" linux. most of the time because it is secure already and the extra
secureness is just a patch for people who don't "think" secure but just want to
"feel" more secure.

> Could be that you want examples.. so here are some:
> 
> Bash fixes 1. http://ftp.gnu.org/gnu/bash/bash-3.2-patches/

nothing is broken really, lunar works OK - so this is really not needed IMHO

> Glibc (hardening) 2.http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-arc4_prng-2.patch

our glibc is at 2.7... is this really not an old patch?

> I know that everything is running without that patches, but wouldn't it be
> better and giving more security to add such patches? We could add those patches
> "if available" so we won't wait for a patch before we switch a module to a
> newer version. Anyway, i know that would perhaps mean more testing.

that's OK - like I said it is really up to the developer. If you think it's worth
for everyone to recompile an app because of something AND you think it's worth for
others to do so as well because it will improve their experience then it's a safe
bet and go for it.

if that's not the case then you should obviously reconsider.

Cheers,

Auke




More information about the Lunar-dev mailing list