Patches & Modules - Questions and your Opinion?
Terry Chan
tpchan at comcast.net
Mon Mar 17 18:15:25 CET 2008
To date there are probably both types of patches in moonbase. Mostly we strive
for patches that are only necessary to get a module to compile/run/install
correctly. Occaisionally we have the patches that are for security updates too,
but those tend to be in the security-related apps, like moonbase/crypto or
moonbase/security.
We try NOT to include bash patches, unless someone can show they are absolutely
critical-type patches. GLIBC patches tend to fall into the same category. Your
glibc example is moot as glibc is at 2.7 in moonbase currently.
As to who decides whether a patch is needed -- that would mainly be a lunar dev
who is willing to TEST and document such a patch, or a really determined lunar
user, who submits such a patched module.
Terry Chan
------------------------------------------------------------------
On Mon, Mar 17, 2008 at 05:33:12PM +0100, Jean-Michel Brünn wrote:
> Hello,
>
> i have short questions about patches and modules in moonbase. If i remember correct we want patches for modules only if they're needed. So my questions:
>
> 1. Who defines wether a patch is needed?
> 2. How about patches like branch updates from official side, fixing bugs, possibly not critical bugs.
> 3. How about patches giving optionally more security or adding features?
>
> Could be that you want examples.. so here are some:
>
> Bash fixes
> 1. http://ftp.gnu.org/gnu/bash/bash-3.2-patches/
>
> Glibc (hardening)
> 2. http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-arc4_prng-2.patch
>
> I know that everything is running without that patches, but wouldn't it be better and giving more security to add such patches? We could add those patches "if available" so we won't wait for a patch before we switch a module to a newer version. Anyway, i know that would perhaps mean more testing.
>
> Would be glad to get some answers.
>
> Cheers
> Jean
More information about the Lunar-dev
mailing list