[erlang-questions] Windows Patch Packages?

Ingela Andin ingela.andin@REDACTED
Tue Jan 2 10:50:12 CET 2018


2017-12-21 14:56 GMT+01:00 Jeroen Roovers <jer@REDACTED>:

>      Hi everyone,
> On 21 December 2017 at 14:07, Onorio Catenacci <Catenacci@REDACTED> wrote:
> > I would say that it's most likely that if you need those patch packages
> I would think most people want or indeed need security patches.

I would think so too. However this patch was handled the same way as any
other not planned patch release.
And you do not need to rebuild OTP to use it, it is enough to rebuild the
ssl source files
only. This should be easy enough as it is only Erlang code.

We will consider if we should have some special handling for security
patches in the future.

Regards Ingela Erlang/OTP Team - Ericsson AB

> > you'll need to pull source and build it on your own machine.
> I know I probably should have created a new thread, but I build from
> source (for an embedded Linux system) and I have looked at the patch
> release news for a while now, and I simply don't see proper
> instructions on how to turn the patch release tags from
> https://github.com/erlang/otp/releases into something resembling the
> OTP releases from the main download site. It looks like
> https://github.com/erlang/otp/ is missing all these bundled modules.
> If there is a way to update these while building, then I would like to
> know how that works, and also how that would work when
> cross-compiling.
> Using buildroot https://buildroot.org/ means creating a host build
> (native to the build system) first and using it to create a target
> build (native to the target system). This complicates steps involved
> in what I can only assume means running a script (or compiles native
> code?) that downloads the missing modules.
> See also https://git.buildroot.net/buildroot/tree/package/erlang/erlang.mk
> What puzzles me is that if you're going to announce a security
> release, then why does the download page not mention that what you
> download from there might be vulnerable? And in the same vein, I can
> only guess that some very good reasons are stopping the OTP team from
> packaging patch releases for distribution? What constraints might
> those be?
> Kind regards,
>      jer
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180102/e0c76893/attachment.htm>

More information about the erlang-questions mailing list