netbsd-help: Re: Clarify Patch Application Method Please ?

Subject: Re: Clarify Patch Application Method Please ?
To: Nick Boyce <nick@glimmer.demon.co.uk>
From: David Brownlee <abs@netbsd.org>
List: netbsd-help
Date: 09/28/2000 19:15:14

On Thu, 28 Sep 2000, Nick Boyce wrote:

> > 	It may be that its stripped when being installed - try 'strip
> > 	ftpd'.
> 
> That seems to be it - I ran 'strip ftpd' and got a binary of exactly
> the same size as the release version.
> 
	Glad that has been cleared up :)

> > > Also, how should I install the new binary ?  Using "make install", or
> > > do I just copy the binary to /usr/libexec and make sure it's
> > > permissions are set the same as the original ?
> > > 
> > 	'make install' should do the right thing.
> 
> Thanks (noting the comment from Manuel Bouyer that I would also need
> to extract src/libexec/Makefile.inc from the tarball in order for
> 'make install' to work).
> 
	Ahem - I always tend to have the whole tree unpacked :)

> I'd be happy to - I'm already building a document - where should I
> send it for review ?   And what format - plain text, or HTML in the
> style of a www.netbsd.org webpage ?
> 
	Ideally would be in nroff -mdoc :) Otherwise HTML would be
	fine, to www@netbsd.org

> One final issue - problem even: I note that the patch doesn't change
> the daemon's version string - it hasn't changed from 
> 
>   220 rccnx4 FTP server (Version: 7.1.0) ready.
> 
> So how are we to tell that the patch is in ?
> (You know - my successor, after I've gone, and nobody can find the
> system documentation ;-).  Satan-style vulnerability scanners wouldn't
> know what to think either (which might be a good thing :-).
> 
> I wondered whether I should post this query to the tech-security list,
> but I note that that doesn't seem to be an active list (last posting
> in Dec 1999 !?), and I also guess the NetBSD project likes things the
> way they are on this point.  What's the score here ?
> 
	Thats definitely worth asking on tech-security. I can assure you
	its still active - where did you see the old archive?

> I realise a simple version number increment doesn't really cover it
> (some people might not apply every patch), but maybe a "patch-present"
> bitmap, displayed as a hex string ...

	A version increment is probably good enough - we don't tend to
	have so many patches for a given program that people should be
	picking and choosing, and if they do, they can pick their own
	version :)

                David/absolute
			       -- www.netbsd.org: A pmap for every occasion --