cvsup tag for ports

Michael bsdquestions at
Sun Feb 11 01:51:26 UTC 2007

Erik Trulsson wrote:
> On Sat, Feb 10, 2007 at 03:41:58PM -0800, Michael wrote:
>> Erik Trulsson wrote:
>>> On Sat, Feb 10, 2007 at 02:06:37PM -0800, Michael wrote:
>>>> Hello everyone,
>>>> I'm building a production server and I have what may seem to be a very 
>>>> simple question so I hope it only requires a simple answer.
>>>> As I've studied the FreeBSD Handbook as well as the man pages for this, 
>>>> it's still not clear to me which tag I should use for a production server.
>>>> For my sources I always use the security branch for the release we are 
>>>> using so that they stay stable and also plug most of the security issues 
>>>> as they arise and so the sources tag is always RELENG_6_2.
>>>> For the ports, the default tag is always tag=. which I'm not sure is the 
>>>> best thing for a production server since that's the tag for -CURRENT.  
>>>> On one hand it makes sense to track that branch for ports because that's 
>>>> where fixes would go for applications as they find them, but I'm not 
>>>> convinced this is the best thing for a production server and wonder if I 
>>>> should also use the security branch for the ports.
>>>> My first question is, do any real security fixes go into the ports 
>>>> when you pull from a security branch?  In other words, do maintainers 
>>>> actually submit fixes to that branch for the ports?
>>>> I have a similar question for the docs as well, should we be tracking 
>>>> only the security branch when using cvsup for sources, ports and docs?
>>> Neither the ports tree nor the docs tree is branched.  I.e. there is no
>>> security branch for ports.  
>>> On the other hand you are not required to update installed ports/packages
>>> just because you update the ports tree.
>> What do you mean they aren't branched?  Of course they are or they 
>> wouldn't be in cvs and if I changed the tag, it wouldn't do anything 
>> (they wouldn't change on running cvsup), but they do change (ports get 
>> deleted/added/edited.), so I'm not following you here.
>> Can you elaborate on what you mean?
> What I mean is that the ports tree only has a single CVS branch, HEAD, which
> is what you get with tag=.
> There are no other branches. (Unlike the src/ tree which does have several
> different branches in addition to HEAD.)
> There are tags (like RELEASE_6_2_0 or RELEASE_5_2_1) that identify the ports
> tree at some specific point in time.
> If you update the ports tree with e.g. tag=RELEASE_6_2_0 you will get the
> ports tree in the same state as was shipped with FreeBSD 6.2-RELEASE.
> If you use the same tag a couple of months later you will get exactly the
> same thing - the ports tree as was shipped with FreeBSD 6.2-RELEASE.
> If you want to get updates to the ports tree you will have to use tag=. or
> wait until a new release has been made and use the tag corresponding to that
> particular release.
OK, that makes sense.  Now getting back to my original question, if you 
are running a production server, does it make sense to pull down ports 
which are under the -CURRENT tag=. or should anyone who's running a 
production server just stick with what's in the current release ports?  
Would I benefit more from pulling down the most current ports because it 
offers the most up to date packages? 

If neither is safer then I think it's probably ok to just continue to 
pull down the most current, if that's not true then I should probably 
just use the ports which came with the release.  This is what I'd like 
people's comments on more than anything else.

Thanks for your feedback, I really appreciate it.

Michael Lawver
