Fantastic, thanks for info! I'll look into syspatch, of course. :-) BR, Andreas lör 25 mars 2017 kl. 12:11 skrev Hiltjo Posthuma <hil...@codemadness.org>:
> On Sat, Mar 25, 2017 at 08:49:22AM +0000, Andreas Thulin wrote: > > Hi all! > > > > Hey!, > > > I'm running 6.0 -stable using openup for patching. I think it works very > > well since it's so convenient. At the same time I realise there are trust > > and security concerns with people like myself, who "blindly" install > > patches without understanding the details. I suppose my problem is that > I'm > > not a developer and cannot make a fair assessment just by reading code, > so > > neither patch method would be secure for me. I'm the risk, so to speak. > > > > I'm not familiar with openup, but the official patches are always described > at: https://www.openbsd.org/errata60.html (for 6.0). The official patches > are > cryptographically signed. > > > Anyway, to my question(s): Is openup considered good or bad practise, and > > for what reasons, as you see them? Has there ever been plans among > OpenBSD > > developers to make following -stable easier for "users" such as myself? > > > > I failed to find enough info about this topic in the archives, but please > > point me in the right direction if you happen to know about applicable > > threads. > > > > OpenBSD 6.1 will have the (new) syspatch(8) tool for base system binary > patches: http://man.openbsd.org/syspatch.8 . > > > Humbly, > > Andreas > > > > -- > Kind regards, > Hiltjo
