Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Tue, 10 Apr 2012 16:21:39 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: file update

Mesut -

On Tue, Apr 10, 2012 at 08:40:30AM +0300, Mesut Can G?rle wrote:
> I have a question about packaging. I packaged the "file"

You mean you've updated the existing package to new upstream version, right?

> but I am not sure
> about patches. Fedora provides some patches. I think I must also research
> what other distros do like Debian.

We tend to look at Fedora/RHEL and ALT Linux.  The rest are optional
unless there's a specific reason to review patches in another distro
(e.g., we know that a certain distro has a security fix that we need).

ALT Linux:
http://sisyphus.ru/en/srpm/Sisyphus/file
http://packages.altlinux.org/en/Sisyphus/srpms/file
(currently their "file" is out of date, though).

Fedora:
http://pkgs.fedoraproject.org/gitweb/?p=file.git

Most of the Debian-derived patches that we have in Owl are due to
Michail Litvak's personal preference.  He updated many packages for us
in the past.  This is OK, but we do not have a policy to check Debian
for patches to import.

A problem with Debian patches, in my experience, is that they very often
stay in the package (including in Debian's) even when they're no longer
needed (the same issues are already fixed in the new upstream version -
just in a different way).  For example, when I carefully reviewed our
set of patches in our man-pages package previously maintained by Michail
and thus containing lots of Debian-derived patches, I ended up dropping
almost all of those patches for specific reasons.

> So if I work like this. This process may
> go slowly. To speed up what do you recommend me about patches to be applied
> to packages. I researched on security sites like securityfocus and had a
> look at project's bug discussions and other distribution's bug discussions.

I recommend that you check only a handful of other distros.  Then post
in here about each patch in our original package (that you're updating)
and in your new proposed revision of it - for each patch, include a
brief explanation (in your owl-dev posting) of why you're proposing to
drop/add/keep it.

For "file", chances are that most of our current patches may be dropped.

> Please post the above paragraph to the owl-dev thread on "file" (reply
> to my message there).  This is best discussed on the list, where the
> discussion may benefit other prospective contributors as well.
> 
> Thanks,
> 
> Alexander

Wow, that's some weird quoting/misattribution.  (For others on the list:
I wrote the above in a private e-mail to Mesut.)

Thanks,

Alexander
