
OpenBSD 5.5 Released - throwaway2048
http://www.openbsd.org/55.html?hn
======
bananas
I'm increasingly impressed with the progress that OpenBSD is making. They're
hitting some real problems on the head and actually letting us know what the
changes are in a concise form as they always have.

Compare this to a Ubuntu LTS release which is virtually impossible to
determine a detailed change list for past the marketing and UI changes.

~~~
pyvpx
I'm not sure what constitutes progress, but in my experience OpenBSD has been
doing this since 3.3 (when I started using it regularly)

~~~
bananas
I've been using it since 2.4 as well but the progress is remarkable
considering the team size and funding. Progress for me is the replacement of
non-BSD licensed parts and top notch re-engineering of the old rusty bits as
well as hardware support which is pretty damn solid and reliable.

------
ninjin
Don't miss out on the release song and the accompanying brief write-up about
the release.

[http://www.openbsd.org/lyrics.html#55](http://www.openbsd.org/lyrics.html#55)

------
darklajid
Pain points for me: The package management and upgrades.

If I'm not mistaken (perfectly possible, I'm really no expert and only browsed
OpenBSD documentation here and there)

\- you have no decent binary packages FreeBSD guys online complain a lot about
the current pkgng changes, but the direction is great: Build from ports,
install binaries elsewhere.

This is something I really really like, since I tend to avoid building stuff
on production machines and since I don't want to (even temporarily - and that
means you have to clean up!) pull in pure build time dependencies. FreeBSD
solved this for my use case with pkgng and the ability to easily host your own
repository. I have a build machine and run portshaker/poudriere to create
exactly the (binary) packages I need. Installation on the targets is a breeze.

\- consider the heartbleed issue

As far as I understand the OpenBSD project issued a patch (as in text file)
and told you to rebuild the related parts of your base system (or everything)?
FreeBSD has binary updates for these kind of things.

I'm not trying to bash OpenBSD or promote FreeBSD, I guess the general idea
behind this post is that I'm interested in the project OpenBSD, but feel that
running OpenBSD would probably too much tinkering than I'd like ( _cough_ I
guess I'm saying that I'm lazy?).

But maybe, maybe, I'm wrong about one or both of these "issues"? Maybe there
are 3rd party helpers that make everything very, very easy (just like
portshaker/poudriere on FreeBSD are tools I install from ports, i.e. not part
of base)? I'd be happy to be enlightened.

~~~
avsm
> you have no decent binary packages

This is completely incorrect. OpenBSD has been all about building reproducible
binary packages for quite a long time now, and the ports tree is regularly
bulk-built and failing ports fixed or swept out of the way. The key difference
from FreeBSD is that OpenBSD binary package sets are released every six months
with the base system, and you are expected to upgrade them during a system
upgrade.

It's as simple as `pkg_add -ui` if you point the PKG_PATH to a remote OpenBSD
distribution mirror.

One advantage of upgrading ports with the base system is that caveats are all
conveniently listed in the upgrade guide for that release. E.g. for 5.4->5.5:
[http://www.openbsd.org/faq/upgrade55.html#Pkgup](http://www.openbsd.org/faq/upgrade55.html#Pkgup)

~~~
darklajid
Cool! Thanks for correcting me.

That said: I need more stuff than the ports tree contains (I .. checked NetBSD
and FreeBSD, plus a couple of Linux distributions. I admit that I haven't
checked all my packages against OpenBSD's ports tree, but I assume I'm
correct). Plus, I do need the occasional update without waiting 6 month. How
would I do that?

For comparison: On FreeBSD I use portshaker to create a ports tree that is a
mixture of upstream (FreeBSD) and other sources (a git repository, in my
case). If FreeBSD doesn't bump a package and PRs take a whiiiiile, I bump that
thing in my overlay.

poudriere allows me to build (in bulk) all my relevant packages in jails, is
clever enough to rebuild just the stuff that changed (or where I changed the
config) and spits out a directory structure that represents a pkgng repository
with (optional) signed binary packages.

pkgng is pointed to my repository (actually it supports multiple sources, apt
like. Can PKG_PATH do that?), which contains now builds from upstream ports
and my overlay.

How would I (hoping that you have a couple of minutes and can prove me wrong
once more)

\- build binary packages for ports that either don't exist upstream (stuff I
ported) or are outdated upstream?

\- distribute those in a decent way (PKG_PATH swapping..?)

I guess I'm left with the question whether we're talking about the same thing
when we're saying 'decent binary packages'? I'm sure you can OpenBSD works
well for the intended use - but 'decent' wasn't an objective attribute here,
it was more a subjective 'decent for my needs' kind of thing. More details
above.

In the end, pkg_* feel like ooold Solaris, or like using Slackware again.
That's package management on a different level and feels like a step down from
apt/yum/pacman/pkgng. Again: Probably it's just a matter of convenience and my
laziness in the end, but so far I feel that's not for me.

~~~
avsm
I'll just point you at the ports and packages documentation, which has answers
to all your questions:
[http://www.openbsd.org/faq/faq15.html](http://www.openbsd.org/faq/faq15.html)

~~~
darklajid
Fair enough. Here's an upvote, that's probably the right answer.

That said: I read that page. Multiple times. It doesn't help me mapping my
portshaker/poudriere setup into something in the OpenBSD world so far. On the
other hand: It makes no sense to expect that answer from you either, so ..
back to the first line, full circle. :)

------
0x0
time_t is now always 64bit! Good to see someone working proactively on the
y2k38 problem.

~~~
throwaway2048
the most headache inducing issues by far are going to be file formats and
network protocols that integrate 32bit unix timestamps, which are numerous.

NTP is one such example.

This is a much worse and much more fundamental issue than the y2k bug was, I
hope people aren't writing off the severity, the time to start dealing with it
is now.

~~~
0x0
Agreed, it's pretty scary. On the other hand, I'm sure similar problems were
tackled for y2k with the 2-digit fields everywhere. If we built it, we can
rebuild it. Although a _lot_ of software and hardware will need
replacing/upgrading/switching over to new protocols.

~~~
Sanddancer
They were, however, given that a lot of things have life in the field of
several decades, now is the time to start fixing it so it doesn't become a mad
rush. Yes, it means less money for devs 23 years from now as they madly rush
to update software, but I'd rather that money be spent for devs to make future
programs awesome than to worry about our ghosts.

------
edwintorok
The addition of signify is also interesting:
[http://www.tedunangst.com/flak/post/signify](http://www.tedunangst.com/flak/post/signify)

------
ja27
I know Theo and others are opposed to it, but I still would like to see it on
the Raspberry Pi. Kind of a missed opportunity to make it easy for lots of
people to give OpenBSD a try.

[http://marc.info/?l=openbsd-
misc&m=132788027403910&w=2](http://marc.info/?l=openbsd-
misc&m=132788027403910&w=2)

~~~
jolan
Well the Beaglebone Black is supported which is pretty much a more powerful
Raspberry Pi and only costs $10 more.

~~~
angersock
Anywhere you can actually _buy_ one, though? They seem to be on backorder
everywhere I've checked.

------
protomyth
Do remember to apply the patches
[http://www.openbsd.org/errata55.html](http://www.openbsd.org/errata55.html)

~~~
cauterize
This strategy really hit home for my dinkly little router. I don't have the
disk or CPU resources to compile these patches. Is there no other way to get
the updates other than wait for the next release?

~~~
clarry
You can run -current snapshots. Caveat: the system changes, packages change,
things are not always in sync. You might have to upgrade to a newer snapshot
if you want to add binary packages after a while. This doesn't affect you if
you only use software from base, or only use packages that can be installed
around the time you install the system.

Alternatively, you can get binary patches from M:Tier:

[https://stable.mtier.org/](https://stable.mtier.org/)

~~~
cauterize
Thanks for the link!

------
snake_plissken
Regarding the 2k38 problem, 24 years from now will any 32-bit systems still be
in production? Won't mean-time-to-failure handle this for us? Software wise,
it might be a different story.

~~~
mrweasel
Not only will they be in production, they will still be built and designed.

Stuff like nuclear power-plants and bridges also have a slightly high mean-
time-to-failure than my laptop. 24 years isn't that long for infrastructure.

------
muyuu
I preordered the CDs a few weeks ago. Looking forward to the stickers and
maybe some surprise :-)

~~~
muyuu
Woha and I received it in the mail today! Happy times.

------
jorgecastillo
My favorite operating system, unfortunately I had to uninstall it since I
intend to learn Android development. If you haven't tried it yet & it looks
like it has the software you need I invite you to give it a try.

------
clarry
Actual release announcement:

[http://marc.info/?l=openbsd-
misc&m=139895775701963&w=2](http://marc.info/?l=openbsd-
misc&m=139895775701963&w=2)

------
mykhal
$title =~ s/Released/to be \l$& today/

~~~
edwintorok
You can download it already, although it seems the packages are missing on
some mirrors for 5.5 still.

~~~
protomyth
Some of the mirrors take an extra day.

