FreeBSD Patch question
Bruce M Simpson
bms at spc.org
Sat Sep 27 15:50:01 PDT 2003
On Sat, Sep 27, 2003 at 03:40:35PM -0400, V. Jones wrote:
> Thanks to everyone who responded - my question really had more to do with applying patches as they are presented in the various security advisories. It sounds like most of you don't do it that way; it sounds like you track freebsd-stable using cvsup. However, section 18.104.22.168 of the handbook seems to advise against doing this when all you want to do is apply security fixes:
> "While it is true that security fixes also go into the FreeBSD-STABLE branch, you do not need to track FreeBSD-STABLE to do this. Every security advisory for FreeBSD explains how to fix the problem for the releases it affects  , and tracking an entire development branch just for security reasons is likely to bring in a lot of unwanted changes as well."
You can track a RELEASE branch instead, this is one reason for their
existence. Only security-officer@ has the power to mandate that a patch
be committed to a release branch after it has been released.
This is what I do for my production machines.
More information about the freebsd-security