FreeBSD Patch question

Bruce M Simpson bms at
Sat Sep 27 15:50:01 PDT 2003

On Sat, Sep 27, 2003 at 03:40:35PM -0400, V. Jones wrote:
> Thanks to everyone who responded - my question really had more to do with applying patches as they are presented in the various security advisories.  It sounds like most of you don't do it that way; it sounds like you track freebsd-stable using cvsup.  However, section of the handbook seems to advise against doing this when all you want to do is apply security fixes:
> "While it is true that security fixes also go into the FreeBSD-STABLE branch, you do not need to track FreeBSD-STABLE to do this. Every security advisory for FreeBSD explains how to fix the problem for the releases it affects [1] , and tracking an entire development branch just for security reasons is likely to bring in a lot of unwanted changes as well."

You can track a RELEASE branch instead, this is one reason for their
existence. Only security-officer@ has the power to mandate that a patch
be committed to a release branch after it has been released.

This is what I do for my production machines.


More information about the freebsd-security mailing list