Hi, On Tue, Aug 11, 2020 at 10:21:07AM +0300, Oleksandr Kryvulia wrote:
Hi, Last years all Security Advisories regarding base system in the "update your vulnerable system via a source code patch " section recommends to rebuild a whole world instead of an affected part of a base system. This is in a most cases an overhead. For example 9 years old SA-11:04 [1] offers: b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.bin/compress # make obj && make depend && make && make install # cd /usr/src/usr.bin/gzip # make obj && make depend && make && make install What is a reason we stop to do it? I understand that the preferred way now is a binary upgrade.
+1 I've been wondering this as well. What is the reason for it? -- J.
signature.asc
Description: PGP signature