netbsd-help: Re: Trying to update Sendmail

Subject: Re: Trying to update Sendmail - What am I doing wrong?
To: Frederick Bruckman <fredb@immanent.net>
From: Paul Hoffman <phoffman@proper.com>
List: netbsd-help
Date: 03/04/2003 16:00:03
At 5:52 PM -0600 3/4/03, Frederick Bruckman wrote:
>On Tue, 4 Mar 2003, Paul Hoffman wrote:
>
>>  At 2:23 PM -0600 3/4/03, Frederick Bruckman wrote:
>>  >  > # cvs update -d -P -r netbsd-1-6 gnu/dist/sendmail/sendmail
>>  >>  anoncvs.netbsd.org: Connection refused
>>  >>  cvs [update aborted]: end of file from server (consult above
>>  >>messages if any)
>>  >>  #
>
>>  # ls -l CVS/Root
>>  -rw-r--r--  1 root  wheel  36 Sep 11 17:45 CVS/Root
>>  # cat CVS/Root
>>  anoncvs@anoncvs.netbsd.org:/cvsroot
>
>Ah, so "ssh" access to anoncvs.netbsd.org is down. I just checked:
>
>   fredb@tautology-> cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co -c
>   ssh_exchange_identification: Connection closed by remote host
>   cvs [checkout aborted]: end of file from server (consult above 
>messages if any)
>
>>From your earlier post, it seems like you really wanted to use
>"pserver, and at least one of the admins has stated adamantly that
>pserver is nicer to the server, so it would probably be best to
>convert your tree to pserver. Something like this:
>
>   find . -type d  -name CVS \
>   |(while read d
>   do
>       echo :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot > $d/Root
>   done)
>
>Hmm, you know, the whole server seems to be down:
>
>   fredb@tautology-> cvs -d :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot co -c
>   cvs [checkout aborted]: connect to anoncvs.netbsd.org:2401 failed: 
>Connection timed out
>
>But when it comes back up, you probably want "pserver" anyhow.
>If you specify a server with "-d", it overrides what's in the
>"CVS/Root"'s, but doesn't change any "CVS/Root", so you can use that
>to try a different mirror until anoncvs.netbsd.org comes back up.
>("co -c" just cats the module database, which is only a few lines
>long, and doesn't write anything to your file system.)

Er, so why are we doing this whole CVS song-and-dance instead of 
patches on an FTP server? If even you couldn't easily determine that 
the server that was built into the distribution was down, or not 
using some protocol, or whatever, doesn't this indicate a pretty 
serious problem for those of us who just want to follow the security 
announcements?

As two people pointed out to me off-list, updating for this on the 
Other Major BSD went flawlessly. "FTP from any mirror" seems much 
more reliable than this...