Date: Wed, 5 Apr 2006 01:47:36 +0400 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: maintenance of Owl systems - security updates, etc. Hi, On Tue, Apr 04, 2006 at 01:19:48PM -0500, Denzel Turner wrote: > Newbie here: Where do I go to find Security Patches and other general > info on Owl 2.0? Owl 2.0 installed ok on an older CPU but I need to know > what to do with this bad boy now that I have it working!!! I hope I understood your question correctly. You're used to seeing other Linux distributions send out security advisories with links to update packages, etc. For Owl, we currently do not publish formal security advisories. Instead, we maintain system-wide changelogs where security fixes are marked specially. If you're running Owl 2.0 and need to determine whether to update, you can have a look at the changes applied to 2.0-stable since your last update (there won't be many): http://www.openwall.com/Owl/CHANGES-2.0-stable.shtml If you'd like to stay at the cutting edge, you can similarly review the changelog for Owl-current: http://www.openwall.com/Owl/CHANGES-current.shtml Please note that unlike -stable changelogs which are exhaustive lists of changes, the -current one lists only significant changes. Whenever a serious security issue is fixed, we will post a heads up in here. Most likely, this will be another Linux kernel bug (yet to be discovered) since our userland is rather good (as evidenced by the two-year experience with Owl 1.1). We might setup a formal notification mechanism for the availability of security fixes eventually. Once you've determined that you'd like to update a system, there are two primary ways to do so: 1. Download the updated binary packages from the proper branch of Owl (for updating 2.0-release, that would be either 2.0-stable or current). Then "make installworld" them over your existing system. 2. Obtain the updates in source code form. You will need the updated CVS tree which may be obtained by a CVS checkout from our anoncvs server or by downloading the native.tar.gz file from our FTP mirrors. You might also need the updated "sources" tree - with tarballs, etc. of third-party software that we base our packages upon - this one may be obtained from the FTP mirrors only. Then "make buildworld" and "make installworld". This may be tricky, especially for -current where certain changes we apply are so invasive that they require multiple iterations of buildworld and installworld until everything builds again. (It is unlikely that any change in 2.0-stable would be this invasive.) To download updated binary packages or replaced third-party source tarballs, it is convenient to use lftp (included in Owl) and its "mirror -e" command. That way, you won't be downloading files which you already have. Perhaps we need a User's Guide which would describe this procedure in detail. Unfortunately, we don't have one currently. So please ask any further questions on this mailing list. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.