RE: [owl-users] maintenance of Owl systems - security updates, etc.

From: Denzel Turner (denzel.turner@private)
Date: Tue Apr 04 2006 - 14:59:19 PDT


   Thank you all for such in-depth explanations. I know I am in the right
place!!!

-----Original Message-----
From: Solar Designer [mailto:solar@private] 
Sent: Tuesday, April 04, 2006 4:48 PM
To: owl-users@private
Subject: [owl-users] maintenance of Owl systems - security updates, etc.


Hi,

On Tue, Apr 04, 2006 at 01:19:48PM -0500, Denzel Turner wrote:
>    Newbie here: Where do I go to find Security Patches and other 
> general info on Owl 2.0? Owl 2.0 installed ok on an older CPU but I 
> need to know what to do with this bad boy now that I have it 
> working!!!

I hope I understood your question correctly.  You're used to seeing other
Linux distributions send out security advisories with links to update
packages, etc.

For Owl, we currently do not publish formal security advisories. Instead, we
maintain system-wide changelogs where security fixes are marked specially.
If you're running Owl 2.0 and need to determine whether to update, you can
have a look at the changes applied to 2.0-stable since your last update
(there won't be many):

	http://www.openwall.com/Owl/CHANGES-2.0-stable.shtml

If you'd like to stay at the cutting edge, you can similarly review the
changelog for Owl-current:

	http://www.openwall.com/Owl/CHANGES-current.shtml

Please note that unlike -stable changelogs which are exhaustive lists of
changes, the -current one lists only significant changes.

Whenever a serious security issue is fixed, we will post a heads up in here.
Most likely, this will be another Linux kernel bug (yet to be
discovered) since our userland is rather good (as evidenced by the two-year
experience with Owl 1.1).

We might setup a formal notification mechanism for the availability of
security fixes eventually.

Once you've determined that you'd like to update a system, there are two
primary ways to do so:

1. Download the updated binary packages from the proper branch of Owl (for
updating 2.0-release, that would be either 2.0-stable or current). Then
"make installworld" them over your existing system.

2. Obtain the updates in source code form.  You will need the updated CVS
tree which may be obtained by a CVS checkout from our anoncvs server or by
downloading the native.tar.gz file from our FTP mirrors. You might also need
the updated "sources" tree - with tarballs, etc. of third-party software
that we base our packages upon - this one may be obtained from the FTP
mirrors only.  Then "make buildworld" and "make installworld".  This may be
tricky, especially for -current where certain changes we apply are so
invasive that they require multiple iterations of buildworld and
installworld until everything builds again. (It is unlikely that any change
in 2.0-stable would be this invasive.)

To download updated binary packages or replaced third-party source tarballs,
it is convenient to use lftp (included in Owl) and its "mirror -e" command.
That way, you won't be downloading files which you already have.

Perhaps we need a User's Guide which would describe this procedure in
detail.  Unfortunately, we don't have one currently.  So please ask any
further questions on this mailing list.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar



This archive was generated by hypermail 2.1.3 : Tue Apr 04 2006 - 14:59:58 PDT