Patch vs. Upgrade

David Kirchner dpk at dpk.net
Wed Oct 12 12:02:53 PDT 2005


On 10/12/05, Cody Holland <cholland at redmoonbroadband.com> wrote:
> Thanks for the response.  I did a terrible job of asking the correct
> question to get the response I wanted.  I do know to cvsup the source
> and build/make world.  I currently have 4 FreeBSD servers in production
> serving various tasks.  The question I should have been asking is:
> Is using the security patches provided by the FreeBSD maintainers as
> good as actually updating the whole server?  What are the pros and cons
> of using the security patches vs. full source upgrade via cvsup?

If you cvsup, you're going to get more than just security patches.
Basically, program functions could change in unexpected ways (unless
you read /usr/src/UPDATING and it contains everything changed). When
you do the specific security patch, you're reducing change, and thus
reducing the chance of something else going "wrong" for you.

It's probably safest to just do the security patch. However, if you
ask questions about it on the mailing lists, your "uname -a" output
won't be a complete picture of what has been patched. If you use the
cvsup method, I believe your uname will show something like
'5.4-RELEASE-p7'. Of course, most mailing list replies will be to
upgrade to 6.0 or 7.0 but that's a side issue. :)

