On Wed, Dec 16, 2009 at 02:40:44AM +0900, Masao Uebayashi wrote: > > > > I can't answer it because I don't see how things like > > > > "Sets, subsets, syspkgs, and MK*" affect on creating > > > > binary patches. > > Think NetBSD 6.0 gets a security bug in YP code (USE_YP). Because it changes > global signature, all binary users have to apply that patch. Even if your > 1,000 machines don't use YP at all. > > > > > We can simply create binary patches > > > > from two sets of DESTDIR, can't we? > > Creating global binary patches would be like that. Global binary patch > meaning all users have to apply all patches. Binary patches are accumulative > like Windows SP1, SP2, ... > > You don't want to waste your precious weekend to apply unrelated binary > updates against 1,000 machines. Does this answer your question? I don't think you'll convince anyone with that argument. Nobody forces anyone to apply a patch, no matter what form it takes. If a SA says a binary patch is for YP users, then the admin of that 1000 machine site that doesn't use YP will not apply the patch. I don't see the problem there. If you want to go down that road of enabling the user to not install YP support (and all related binaries) on a system, there will be some substantial sysinst work invovled, too... Discussions about syspkgs have been around for so long you'd think people would at least start agreeing on what their purpose would be. This (binary updates delivery) is at least the third advocated use for them, after system minimalization (the initial pitch, as far as I know; I'm pretty sure it started long before I had even heard of NetBSD), and the make-base-updatable-by-pkgsrc one that surfaces every now and then. -- Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost "See the look on my face from staying too long in one place [...] every time the morning breaks I know I'm closer to falling" KT Tunstall, Saving My Face, Drastic Fantastic, 2007.
Description: PGP signature