From: Jonathan A. <jo...@sq...> - 2007-02-02 07:09:51
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was cleaning up my -users and -devel folders, and stumbled across an email that questioned a security patch. Not the patch itself, but the deployment of it. The user had assumed it'd upgrade his 1.4.8 to 1.4.9a. While this isn't going to happen for a security patch, it did make me start thinking. I was thinking of identifying each patch with a specific code that is unique across versions. I was thinking of a bitwise operation of some sort, along with a deployment script. Take for example, you're running 1.4.9a. The version of your SquirrelMail is 1.4.9a patch L0. We release a security update, which we tag as 1, so your patch level becomes L1. Later we release a second patch which is tagged as 2, so applying both patches takes you to L3. Later we release another patch, which is patch 4. Now if you've been a good SquirrelMail admin, your patch level is now L7. However, say you missed patch 2, your patch level is L5. More details on bitwise operations can be found on wikipedia [1] for those unfamiliar with them. This would make it easy to implement a small script to "check updates" by simply posting the version, and patch level to a website, and it returning the possible security updates. Similar scripts could be used to download a .sqp (really a tarball with a version file, and the patch) and apply the patch, and level to the code. Views? Or should I just go back to bed? - -- Jonathan Angliss <jo...@sq...> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFFwuL6K4PoFPj9H3MRAmNgAJ9jExDMON0Z+3XbgIcPLjdtHWab2QCg2mdd /r0lUV6ITeQw49tazY6Vd7k= =OMhN -----END PGP SIGNATURE----- |