[Patch] New item to the "Migrating to OpenBSD" guide

classic Classic list List threaded Threaded
34 messages Options
12
Reply | Threaded
Open this post in threaded view
|

[Patch] New item to the "Migrating to OpenBSD" guide

Carlos Fenollosa
Hi,

I’ve recently discovered OpenBSD after using Linux for more than 15 years. I wrote
a blog article with my impressions and some other users suggested me to patch
faq9.html to help other users migrating.

This patch is regarding the fact that there are no binary updates, which is a given thing
in most Linux distributions, and some tips on how to keep the system updated.
Since English is not my first language, before merging the patch, please make sure the
wording is proper.

If you think the issue may be interesting to elaborate on, I could write a guide of improve
on stable.html to help newcomers adapt to this method of keeping up to date.

Here’s the whole article if anybody’s interested:
http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html

Thanks!
Carlos

PS: This is my first patch, I’m sending it inline as suggested by
http://www.bsdnow.tv/tutorials/patching-obsd. Apologies if this is not the right way.


? patch-faq9.diff
Index: faq9.html
===================================================================
RCS file: /cvs/www/faq/faq9.html,v
retrieving revision 1.113
diff -u -p -r1.113 faq9.html
--- faq9.html   11 May 2015 11:18:30 -0000      1.113
+++ faq9.html   28 Jun 2015 17:19:45 -0000
@@ -133,6 +133,18 @@ The tree is occasionally broken, but thi
 will be corrected rapidly, not something that will be permitted to
 continue.
 
+<li>There are no binary security updates. The team has no resources
+to constantly compile binaries for all architectures, they do it only
+every -release. Thus, unlike Linux distributions, which come with a
+package manager which takes care of updates (<tt>yum</tt>,
+<tt>apt-get</tt>, etc), there is no single command to update the system
+to the latest binary status. Keeping up-to-date (including security errata)
+is a bit different. You can either (1) upgrade every -release,
+(2) apply patches from<a href="../errata">errata</a> or (3) follow
+<a href="../stable">-stable</a>. Binary updates may be obtained
+from <a href="https://stable.mtier.org">a third party</a> for the i386
+and amd64 architectures.</li>
+
 <li>OpenBSD has gone through heavy and continual security auditing to
 ensure the quality (and thus, security) of the code.
 


Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Denis Fondras
> This patch is regarding the fact that there are no binary updates, which is a
> given thing
>

What you missed : https://stable.mtier.org/

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Adam Wolk-2
On Sun, 28 Jun 2015 19:55:58 +0200
Denis Fondras <[hidden email]> wrote:

> > This patch is regarding the fact that there are no binary updates,
> > which is a given thing
> >
>
> What you missed : https://stable.mtier.org/

What do you mean? The author mentioned mtier.org both in his original
blog post and the patch sent to this mailing list.

Regarding the patch itself:

+<a href="../stable">-stable</a>. Binary updates may be obtained
+from <a href="https://stable.mtier.org">a third party</a> for the i386
+and amd64 architectures.</li>

If it's going to be merged then it's probably worth to mention that
some OpenBSD developers work for mtier directly. Each time mtier is
mentioned someone is deemed to chime in with "but I don't trust them"
even though the same people commit code to the base OS...

Regards,
Adam

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> What do you mean? The author mentioned mtier.org both in his original
> blog post and the patch sent to this mailing list.

Author? Exactly whose ground are you defending here, Adam?

> If it's going to be merged then it's probably worth to mention that

if... and you're on top of each other arguing already

Just reread the text and consider if there is actually some hidden
context or offensive agenda somebody is pushing around, just to make a
remote point elsewhere.

> mentioned someone is deemed to chime in with "but I don't trust them"

quit that garbage

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Michael McConville
In reply to this post by Carlos Fenollosa
On Sun, Jun 28, 2015 at 07:20:51PM +0200, Carlos Fenollosa wrote:
> This patch is regarding the fact that there are no binary updates,
> which is a given thing in most Linux distributions, and some tips on
> how to keep the system updated.

It may be worthwhile to mention that updates are comparatively very
rare. I'd estimate that Ubuntu's stable distribution has been pushing a
new kernel or two kernel a week lately along with countless other
updates. A Debian/Ubuntu user reading that might imagine themselves
manually patching and building constantly.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
In reply to this post by Carlos Fenollosa
> I’ve recently discovered OpenBSD after using Linux for more than 15 years.  

Long time, no see? And you blogged and achieved your goal of... making
yourself expressed, critically on your own controlled web space.

> I wrote
> a blog article with my impressions and some other users suggested me to patch
> faq9.html to help other users migrating.  

Without reading much of the documentation to gain reasonable production
usage, you're trying to mend the OpenBSD site to say it is lacking
something that you thought worth having according to your current
limited to Linux experience.

Never occurred to you it may be intentional?

> This patch is regarding the fact that there are no binary updates, which is a given thing
> in most Linux distributions, and some tips on how to keep the system updated.  

And you consider this a service to other Linux long time users? Or a
way to try push some notion of yours - criticise and try to lobby for
some other entity's interests.

> Since English is not my first language, before merging the patch, please make sure the
> wording is proper.  

The pushing of binary patches notion is not appropriate.

For a project that provides binary base OS and binary packages for ports
on multiple architectures, and signed distribution of base and
packages, before anyone else adopted these impressive achievements, you
think in your own universe (and your advisor's) this group is resource
constrained and incapable of providing binary patches to current and
stable?

Read the docs, don't be lazy and overly assuming. You're polluting the
Internet with incorrect information which is a disservice to both
newcomers from Linux and to the OpenBSD community.

> If you think the issue may be interesting to elaborate on, I could write a guide of improve
> on stable.html to help newcomers adapt to this method of keeping up to date.  

You're actually trying to scare people off, because you can't handle
the lean and effective process of managing OpenBSD, justifying
this with the unconfirmed fact you were "advised" by somebody.

Realistically, you could have consulted off list before trying this
stunt.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Mike Burns
On 2015-06-29 00.03.09 +0300, [hidden email] wrote:
> And you consider this a service to other Linux long time users? Or a
> way to try push some notion of yours - criticise and try to lobby for
> some other entity's interests.

Do you have a patch that achieves the same goal (that is, the goal he
stated, not the one you're reading into) that is up to your standards?

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Carlos Fenollosa
In reply to this post by lists-2
Hi,

I’m sorry that it came off that way. Did you read the whole article? No that you should have, but it addresses most of the points that you mention

I understand that OpenBSD owes me nothing (and vice versa) and I was just trying to help. The decision to merge that information is not mine to do, however, I honestly thought it could help people looking for a more thorough comparison between Linux and the BSDs.

I’ve been using free software and contributing to it for a long time, in different projects, you can google it. I have no link to any institution or software/political group. You seem to be about certain that I have some sort of agenda, why? I’m curious.
 
Anyway, I honestly was just trying to help. Writing the patch took me 5 minutes so just forget about it. I don’t want to create a bad mood on a place I just arrived at.

Carlos

> On 28 Jun 2015, at 23:03, [hidden email] wrote:
>
>> I’ve recently discovered OpenBSD after using Linux for more than 15 years.  
>
> Long time, no see? And you blogged and achieved your goal of... making
> yourself expressed, critically on your own controlled web space.
>
>> I wrote
>> a blog article with my impressions and some other users suggested me to patch
>> faq9.html to help other users migrating.  
>
> Without reading much of the documentation to gain reasonable production
> usage, you're trying to mend the OpenBSD site to say it is lacking
> something that you thought worth having according to your current
> limited to Linux experience.
>
> Never occurred to you it may be intentional?
>
>> This patch is regarding the fact that there are no binary updates, which is a given thing
>> in most Linux distributions, and some tips on how to keep the system updated.  
>
> And you consider this a service to other Linux long time users? Or a
> way to try push some notion of yours - criticise and try to lobby for
> some other entity's interests.
>
>> Since English is not my first language, before merging the patch, please make sure the
>> wording is proper.  
>
> The pushing of binary patches notion is not appropriate.
>
> For a project that provides binary base OS and binary packages for ports
> on multiple architectures, and signed distribution of base and
> packages, before anyone else adopted these impressive achievements, you
> think in your own universe (and your advisor's) this group is resource
> constrained and incapable of providing binary patches to current and
> stable?
>
> Read the docs, don't be lazy and overly assuming. You're polluting the
> Internet with incorrect information which is a disservice to both
> newcomers from Linux and to the OpenBSD community.
>
>> If you think the issue may be interesting to elaborate on, I could write a guide of improve
>> on stable.html to help newcomers adapt to this method of keeping up to date.  
>
> You're actually trying to scare people off, because you can't handle
> the lean and effective process of managing OpenBSD, justifying
> this with the unconfirmed fact you were "advised" by somebody.
>
> Realistically, you could have consulted off list before trying this
> stunt.
>


Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> I understand that OpenBSD owes me nothing (and vice versa) and I was just trying to help. The decision to merge that information is not mine to do, however, I honestly thought it could help people looking for a more thorough comparison between Linux and the BSDs.

Are you by chance being mislead to post this to tech@ instead of
updating your own web site?

> Anyway, I honestly was just trying to help. Writing the patch took me 5 minutes so just forget about it. I don’t want to create a bad mood on a place I just arrived at.

Please post to misc@ these discussions.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
In reply to this post by Mike Burns
> Do you have a patch that achieves the same goal (that is, the goal he
> stated, not the one you're reading into) that is up to your standards?

One that reversed the submission of the proposed patch, correcting it
and this thread to an empty string.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Bryan Steele
On Mon, Jun 29, 2015 at 01:02:44AM +0300, [hidden email] wrote:
> > Do you have a patch that achieves the same goal (that is, the goal he
> > stated, not the one you're reading into) that is up to your standards?
>
> One that reversed the submission of the proposed patch, correcting it
> and this thread to an empty string.

Carlos' patch may not be appropriate, but you're kind of a
condecending jerk, especially for someone who's apparently
never sent mail to the OpenBSD lists before. Who are you?

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Matthew Via
In reply to this post by lists-2
> Without reading much of the documentation to gain reasonable production
> usage, you're trying to mend the OpenBSD site to say it is lacking
> something that you thought worth having according to your current
> limited to Linux experience.
>
> Never occurred to you it may be intentional?

> The pushing of binary patches notion is not appropriate.
>
> For a project that provides binary base OS and binary packages for ports
> on multiple architectures, and signed distribution of base and
> packages, before anyone else adopted these impressive achievements, you
> think in your own universe (and your advisor's) this group is resource
> constrained and incapable of providing binary patches to current and
> stable?

Is this a joke, perhaps a terribly unclever attempt at trolling?  Lack of
resources is about the only good reason there is for not providing
binary updates.  The wonderful signed binary package infrastructure is
not terribly useful if by the time it is released, you have to build
ports from CVS to not have security vulnerabilities anyway!
Clearly I am not the only one who thinks this is not "intentional",
given the existance of m:tier, which as discussed is even run by
OpenBSD maintainers.

> Read the docs, don't be lazy and overly assuming. You're polluting the
> Internet with incorrect information which is a disservice to both
> newcomers from Linux and to the OpenBSD community.

Given that the topic is about people moving from Linux to OpenBSD, and
how it is normal in the Linux world to have binary updates... what here
is incorrect, or a disservice? I've been using OpenBSD for most of a
decade and I think this is a fine addition given the context of what
someone from the Linux world expects.

> You're actually trying to scare people off, because you can't handle
> the lean and effective process of managing OpenBSD, justifying
> this with the unconfirmed fact you were "advised" by somebody.

...

attachment0 (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> Lack of
> resources is about the only good reason there is for not providing
> binary updates.

That's not true.

Further, base + packages are updated frequently in snapshots, which is
exactly a binary upgrade path for users without worry.

This works exceedingly well and is well stated in the following current
and stable pages.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Theo de Raadt
In reply to this post by Carlos Fenollosa
> > Lack of
> > resources is about the only good reason there is for not providing
> > binary updates.
>
> That's not true.

It must feel absolutely glorious to bask in your anonymity and make
such a strong claim.

I personally am not going to spend a second working on binary updates
until I know there are 20+ other developers also dedicated to making
it happen, and once it starts happening -- keeps happening forever.

That's the lack of resources I am talking about.

I have no idea what you are talking about. Nor who you are.

Since I don't know who you are, it is probably best to assume you are
not the right person to believe regardin reasons for our lack of
attention towards binary updates.


Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> > > Lack of
> > > resources is about the only good reason there is for not providing
> > > binary updates.
> >
> > That's not true.
>
> It must feel absolutely glorious to bask in your anonymity and make
> such a strong claim.

There are no strong claims. The other good reasons are to manage the
updates manually as has been so far via instructions in the errata
pages, saving some effort and empty discussions.

That might also help learn in the process, beneficial to the users
following stable on more than one system.

> I personally am not going to spend a second working on binary updates
> until I know there are 20+ other developers also dedicated to making
> it happen, and once it starts happening -- keeps happening forever.

That's exactly the idea, not do it or do it right and keep doing the
task.

So the discussion is to probably best put these upgrade details in the
upgrade guide, not in the migration guide in the meantime.

Without delegating resources until deemed necessary and no need to
state explicitly "they have no binary upgrades" on the migration guide.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Theo de Raadt
In reply to this post by Carlos Fenollosa
> So the discussion is to probably best put these upgrade details in the
> upgrade guide, not in the migration guide in the meantime.
>
> Without delegating resources until deemed necessary and no need to
> state explicitly "they have no binary upgrades" on the migration guide.

I think you've already said enough nasty stuff, and noone will
pay attention to your wishes anymore.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> I think you've already said enough nasty stuff

Right.

> I personally am not going to spend a second working on binary updates
> until I know there are 20+ other developers also dedicated to making
> it happen, and once it starts happening -- keeps happening forever.

Well, not near one, but I volunteer for binary errata patch on current
for i386 and amd64 (the only archs I own for now).

May need hand holding at first, but eager to test and perfect the
procedure.

The forever part is a group thing, I'm in. Please kick me at the right
time and I'll pick up the task.

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Theo de Raadt
In reply to this post by Carlos Fenollosa
> Well, not near one, but I volunteer for binary errata patch on current
> for i386 and amd64 (the only archs I own for now).

People are going to use binary patches from you?

Who are you?  What is your name?  That's the first step to establish
trust.

Boy, that's a pretty clever joke!

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

lists-2
> > Well, not near one, but I volunteer for binary errata patch on current
> > for i386 and amd64 (the only archs I own for now).
>
> People are going to use binary patches from you?

I was hoping to try help with testing at least.

> Who are you?  What is your name?  That's the first step to establish
> trust.

An OpenBSD user for a decade, this does not change the trust state.
My name is Anton Lazarov from Bulgaria.

If this is some hot topic that I stepped on, how do you propose one
gets into good terms with these before acting on potentially
controversial posts?

Reply | Threaded
Open this post in threaded view
|

Re: [Patch] New item to the "Migrating to OpenBSD" guide

Sebastien Marie-2
In reply to this post by Carlos Fenollosa
Hi,

I would just do some comments inline.

On Sun, Jun 28, 2015 at 07:20:51PM +0200, Carlos Fenollosa wrote:

> Hi,
>
> I’ve recently discovered OpenBSD after using Linux for more than 15 years. I wrote
> a blog article with my impressions and some other users suggested me to patch
> faq9.html to help other users migrating.
>
> This patch is regarding the fact that there are no binary updates, which is a given thing
> in most Linux distributions, and some tips on how to keep the system updated.
> Since English is not my first language, before merging the patch, please make sure the
> wording is proper.
>
> If you think the issue may be interesting to elaborate on, I could write a guide of improve
> on stable.html to help newcomers adapt to this method of keeping up to date.
>
> Here’s the whole article if anybody’s interested:
> http://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html
>
> Thanks!
> Carlos
>
> PS: This is my first patch, I’m sending it inline as suggested by
> http://www.bsdnow.tv/tutorials/patching-obsd. Apologies if this is not the right way.

it is the good way. thanks for contributing.

> Index: faq9.html
> ===================================================================
> RCS file: /cvs/www/faq/faq9.html,v
> retrieving revision 1.113
> diff -u -p -r1.113 faq9.html
> --- faq9.html   11 May 2015 11:18:30 -0000      1.113
> +++ faq9.html   28 Jun 2015 17:19:45 -0000
> @@ -133,6 +133,18 @@ The tree is occasionally broken, but thi
>  will be corrected rapidly, not something that will be permitted to
>  continue.
>  
> +<li>There are no binary security updates. The team has no resources
> +to constantly compile binaries for all architectures, they do it only
> +every -release.

> Thus, unlike Linux distributions, which come with a
> +package manager which takes care of updates (<tt>yum</tt>,
> +<tt>apt-get</tt>, etc), there is no single command to update the system
> +to the latest binary status.

It is a bit more complex. The package manager under OpenBSD is
pkg_add(1). It is perferctly able to do binaries updates of packages
(note we speak about packages, not the base system).

But as you noted previously, no binary packages for security updates are
provided for -stable. And if pkg_add(1) haven't a suitable source of
updated packages, it couldn't do it.

Now, when you build your own packages from ports(7) (after updating it),
the system will build a binary package. And pkg_add(1) will update your
system with this new (updated) package (make install will invoke
pkg_add).

> Keeping up-to-date (including security errata)
> +is a bit different. You can either (1) upgrade every -release,
> +(2) apply patches from<a href="../errata">errata</a> or (3) follow
> +<a href="../stable">-stable</a>. Binary updates may be obtained
> +from <a href="https://stable.mtier.org">a third party</a> for the i386
> +and amd64 architectures.</li>

mtier provide third party packages for the -stable version for:
  - base system (using the same mecanism than for ordinaries packages).
    As it is for -stable, it includes errata.

  - standard packages. As it is for -stable, it includes security
    updates for packages.

Thanks.
--
Sebastien Marie

12