Subject: Re: Dynamically Linked NetBSD-Current
To: None <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 12/14/2002 12:47:37
[ On Friday, December 13, 2002 at 19:44:49 (-0800), Jeremy C. Reed wrote: ]
> Subject: Re: Dynamically Linked NetBSD-Current
> On Fri, 13 Dec 2002, Dan Melomedman wrote:
> > > Another thing that I remember about that OpenBSD security advisory
> > > (and this was a while ago now) was that, at least initially, they told
> > > you to recompile the effected statically linked binaries but they
> > > didn't mention which ones were actually effected. This was why I
> > > immediately perked up when I heard about this.
> > Probably because they were too lazy to find what was affected in the
> > distribution.
> NetBSD has done same thing.
> Maybe it's to encourage updates for other static software that may have
> been forgotton for previous issues.
That kind of encouragement would be much better achieved by making more
frequent and timely releases.
(having a better installer and upgrade assisting tools helps too!!! ;-)
> Also, might as well keep everything using same libraries especially when
> troubleshooting possible future issues.
Again, that's solved much more effectively by creating more frequent and
timely full releases that are more easily used to upgrade existing
Note too that I think volunteer groups like the NetBSD core developers
have enough on their plate just maintaining the current release. It
might help all-around to have them deprecate their own direct support of
older release branches more quickly (i.e. immediately upon the creation
of a new release). People who really need ongoing support of older
releases can (and should) pay third party developers for this effort.
Even commercial GNU/Linux developers like Red Hat don't _really_ support
their older releases on branches!
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>