FreeBSD or OpenBSD for Python?

Kurt B. Kaiser kbk at shore.net
Sat Mar 20 16:41:12 EST 2004 

Patrick Useldinger <p at trick.lu> writes:

> That is what worries me with OpenBSD. They patch everything in order to
> make things more secure, which is their main focus. But doesn't this
> bring a lot of compatibility issues along? 

The patching to Python is minimal.  They don't patch "everything".  The
base system is audited and unique to OpenBSD but the ports are not.

Many patches are like the one I mentioned: needed to resolve issues
like an incompatibility in the directory tree or libraries.

I agree that the goal is to use the minimum patch necessary to get the
port to work, and then to push whatever possible back upstream so it
can be eliminated in the future.  The distros are the field test for
the applications, and it's common for the patches to be applied there
first.  But the more patches you have, the harder it is to maintain.

If OpenBSD should patch a security issue in the port, wouldn't you
think that the upstream maintainer would want to incorporate it?  When
he does, the patch is no longer required.  If he doesn't, wouldn't you
want the hole fixed in the distro?

> If you compile "plain" Python from www.python.org with the patched
> gcc, who guarantees that it will work?  If you installed a patched
> Python, how can you be certain no bugs have been added?  In any
> case, you're running a configuration that's less tested than the
> "original".

This is true with all distros.  Have you ever looked at the patches
applied by RedHat and Debian?  Have you ever studied the Debian
patches to the Linux kernel?  OpenBSD is hardly the worst.

In many cases the patches applied by the distros are caused by
unresponsive upstream maintainers and/or delays in implementing the
patches fed upstream.

If you don't like the situation, something like Linux from Scratch is
alway an option, but I think you will find that you will be patching the
pristine sources to get a working system :-)

It's the packagers who have the responsibility to make the package
work.  Packagers are carefully screened by responsible distros.

-- 
KBK

More information about the Python-list mailing list