On Sat, Aug 07, 1999 at 10:32:59AM +0200, Nicholas Dille wrote:
hi ya,
i, actually, do not understand what your problem is. If a security hole is found in any program running on a linux system (presuming it is covered by the gpl) a fix will be released by the responsible author after a short period of time. i don't think suse needs to mirror all these sites ... which would leave them no time to put together a new release which, in fact, is mainly an update of packages. and since suse offers their distributions online (though i don't know how complete those archives are) one could just obtain the appropriate package from the current distribution.
[...]

Hi,

You're absolutely right, and this is how I update my own systems. If there is a big problem, I won't wait for a package from SuSE, I'll just uninstall the rpm, download the latest source, compile and install. You're also right that providing the types of "patches" I mentioned are just package updates.

The whole point is this type of thing is *expected* by many corporations. They don't want to have to download a tarball to 200 different boxes and do it manually. By providing their own packages, SuSE, supposedly, does a bunch of testing to ensure functionality and compatibility with the rest of the set of software in a given distribution version. As you may know, current Red Hat rpms don't work with SuSE in many cases, as an example.

Also, this is basically all Sun is doing too. Sun uses their own "pkg" format which is very similar in concept to rpm. The concept of dependencies and installation/deinstallation are the same. They probably have multiple source trees with only very small variations between them for all the different versions (not to mention x86 as well!) At least SuSE doesn't have to actually write most of the code, they only have to test and integrate it (which is still a lot of work, as you point out.)

Let me be clear in that I am not suggesting how SuSE should or should not do things, or how these things in general should be handled. What I was trying to say is that people will want these kinds of guarantees, and the Linux market being what it is, *some* distributions will start providing this type of service. This will no doubt force SuSE and others to do it as well in order to remain competitive. I would humbly suggest, that if this is the case, it is better to lead than to follow.

Chris