<div dir="ltr">Hi!<br><div><div class="gmail_extra"><br><div class="gmail_quote">2017-12-21 14:56 GMT+01:00 Jeroen Roovers <span dir="ltr"><<a href="mailto:jer@airfi.aero" target="_blank">jer@airfi.aero</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi everyone,<br>
<span class=""><br>
<br>
On 21 December 2017 at 14:07, Onorio Catenacci <<a href="mailto:Catenacci@ieee.org">Catenacci@ieee.org</a>> wrote:<br>
> I would say that it's most likely that if you need those patch packages<br>
<br>
</span>I would think most people want or indeed need security patches.<br></blockquote><div><br></div><div><br></div><div>I would think so too. However this patch was handled the same way as any other not planned patch release.<br></div><div>And you do not need to rebuild OTP to use it, it is enough to rebuild the ssl source files <br></div><div>only. This should be easy enough as it is only Erlang code.<br></div><br><div>We will consider if we should have some special handling for security patches in the future.</div><div><br></div><div>Regards Ingela Erlang/OTP Team - Ericsson AB<br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> you'll need to pull source and build it on your own machine.<br>
<br>
</span>I know I probably should have created a new thread, but I build from<br>
source (for an embedded Linux system) and I have looked at the patch<br>
release news for a while now, and I simply don't see proper<br>
instructions on how to turn the patch release tags from<br>
<a href="https://github.com/erlang/otp/releases" rel="noreferrer" target="_blank">https://github.com/erlang/otp/<wbr>releases</a> into something resembling the<br>
OTP releases from the main download site. It looks like<br>
<a href="https://github.com/erlang/otp/" rel="noreferrer" target="_blank">https://github.com/erlang/otp/</a> is missing all these bundled modules.<br>
If there is a way to update these while building, then I would like to<br>
know how that works, and also how that would work when<br>
cross-compiling.<br>
<br>
Using buildroot <a href="https://buildroot.org/" rel="noreferrer" target="_blank">https://buildroot.org/</a> means creating a host build<br>
(native to the build system) first and using it to create a target<br>
build (native to the target system). This complicates steps involved<br>
in what I can only assume means running a script (or compiles native<br>
code?) that downloads the missing modules.<br>
<br>
See also <a href="https://git.buildroot.net/buildroot/tree/package/erlang/erlang.mk" rel="noreferrer" target="_blank">https://git.buildroot.net/<wbr>buildroot/tree/package/erlang/<wbr>erlang.mk</a><br>
<br>
What puzzles me is that if you're going to announce a security<br>
release, then why does the download page not mention that what you<br>
download from there might be vulnerable? And in the same vein, I can<br>
only guess that some very good reasons are stopping the OTP team from<br>
packaging patch releases for distribution? What constraints might<br>
those be?<br>
<br>
<br>
Kind regards,<br>
jer<br>
______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
</blockquote></div><br></div></div></div>