Patch vs. Upgrade
infofarmer at gmail.com
Wed Oct 12 12:43:04 PDT 2005
On 10/12/05, David Kirchner <dpk at dpk.net> wrote:
> On 10/12/05, Cody Holland <cholland at redmoonbroadband.com> wrote:
> > Thanks for the response. I did a terrible job of asking the correct
> > question to get the response I wanted. I do know to cvsup the source
> > and build/make world. I currently have 4 FreeBSD servers in production
> > serving various tasks. The question I should have been asking is:
> > Is using the security patches provided by the FreeBSD maintainers as
> > good as actually updating the whole server? What are the pros and cons
> > of using the security patches vs. full source upgrade via cvsup?
> If you cvsup, you're going to get more than just security patches.
> Basically, program functions could change in unexpected ways (unless
> you read /usr/src/UPDATING and it contains everything changed). When
> you do the specific security patch, you're reducing change, and thus
> reducing the chance of something else going "wrong" for you.
> It's probably safest to just do the security patch. However, if you
> ask questions about it on the mailing lists, your "uname -a" output
> won't be a complete picture of what has been patched. If you use the
> cvsup method, I believe your uname will show something like
> '5.4-RELEASE-p7'. Of course, most mailing list replies will be to
> upgrade to 6.0 or 7.0 but that's a side issue. :)
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
That's just not true. Cvsupping to something like
RELENG_5_4 will do exactly the same thing as
a patch, only it's the hassle-free way. You see
a sec-advisory, you type "cvsup -g -L 2 mysup"
recompile what's suggested in the advisory, or
the whole world - and you're done.
On the contrary to your latter statement, if you
start describing your problem with "I'm on
FreeBSD-Current", you'll be advised to downgrade
to Stable at least.
More information about the freebsd-questions