Re: Security Patches & OpenBSD Newbie

From: Dave Uhring (daveuhring_at_yahoo.com)
Date: 05/23/05 

Date: Mon, 23 May 2005 14:24:14 -0500

On Mon, 23 May 2005 14:50:31 -0400, rbt wrote:

> Everything I've read seems rather clear and straight forward, except for
> one area: How are security patches added to a running OpenBSD system.
> For example, say there is an exploit for cvs that's running on 3.5...
> how would the admin apply the patch? Can it be automated or does it
> require compiling, etc.

Patches are provided in source format only. You require a complete source
tree installed in /usr/src. Instructions for applying the patch are
included with the patch and yes, the patches do require compiling.

> I'm lazy. I want to install and setup an OS once every 5 - 7 years and I
> expect it to be smart enough to half-way take care of itself when it
> comes to patching. Is OpenBSD suitable for this type of usage/neglect?

No, patches for OpenBSD are provided only for -current, the latest release
and the previous release. IOW, you would need to update about every year.

If you want 5-7 years of support you should look into Solaris. But *no*
operating system can be expected to survive that period of time without
compromise if you neglect to maintain it.

Relevant Pages